--===============1442684786== Content-Type: multipart/signed; boundary="nextPart4586432.vZGRtZVi7I"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit --nextPart4586432.vZGRtZVi7I Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Dave Feustel wrote: >I did not say that. In fact, if the intruder is coming in through a > socket, rm'ing the sockets makes sense since it is not disrupting any > of my activities. If the intruder is coming through a socket, then the intruder has already=20 achieved your UID. Sockets are the least of your worries at that point. >> I'm sorry, but how is this helping? > >The 'spontaneous' changes of device file permissions and the occurrances > of other strange events on my computer have dropped off essentially to > zero. Device file permissions? Those in /dev? Your user can't change them and=20 KDE can't change them without a setuid root program. >> Right, your original text doesn't say it. My reply did: those sockets >> are no longer used. > >I reserve judgement You said "KDE isn't running at this point", so I said: those sockets are=20 closed and no longer in use. Open KDE sockets don't provide any security except that of the filesystem.= =20 Any process running on your UID can connect to them and send commands to=20 them. No authentication is performed. Your only security is that provided=20 by the filesystem in which the ksocket dir is (generally=20 $TMPDIR/ksocket-$USERNAME), because the dir is created 0700. >It may be that only I can be sure that there were intrusions since only > I should be able to change file permissions, I remember what changes I > made, and now the changes have been changed. But unless you are > watching over my shoulder when I make the changes uninterruptedly until > later when I reexamine the files and see the changes undone, you have > no hard evidence that what I am relating has taken place. This is a big > reason why I am loathe to try to convince anyone at all. So don't try to convince anyone at all. Especially not about security=20 problems: if you can't convince anyone that they exist, they probably=20 don't exist. >The main thing I have seen is repeated undoing of my changes of > ownership and also of permissions of /dev/[pt]typ[0-9a-e]. Konsole and a number of programs change those permissions. That's normal=20 operation. In fact, the normal operation of opening a pseudo-teletype is=20 to chown it to the user in question, which is why kgrantpty exists in the=20 first place and has to be setuid root. On Linux systems and others that have Unix98 PTYs, this isn't necessary=20 because the kernel takes care of setting the proper permissions. >For starters, start kde, do some things, exit kde, then do a find /tmp > -ls. There always seem to be KDE sockets lying around. I have "export > TMPDIR=3D/home/daf/Tmp" in my .profile (and do "rm -rf Tmp/*" after a kde > session) but some KDE and XORG temp files are still put in /tmp. I now > do "rm -rf /tmp/*" regularly to get rid of the files remaining. As I said, report those as bugs. We need to identify the process that left= =20 them existing and the condition in which it happened. The name of the=20 file is important. =2D-=20 Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org PGP/GPG: 0x6EF45358; fingerprint: E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358 2. T=F3 cennan his weorc gearu, ymbe se circolwyrde, wear=F0 se c=E6gbord a= nd se=20 leohtspeccabord, and =FEa m=FDs c=F3mon lator. On =FEone d=E6g, he hine res= te. --nextPart4586432.vZGRtZVi7I Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQBDsZi9M/XwBW70U1gRAgMpAJ46kJty+kd4pMYUERUYHigVpyebPQCgwDoe tbvvrrPlMr10uv9mS/h4uA0= =ux8I -----END PGP SIGNATURE----- --nextPart4586432.vZGRtZVi7I-- --===============1442684786== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline >> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe << --===============1442684786==--