headers
Huzaifa Sidhpurwala | 15 Sep 11:59
Favicon

Fedora Week News, Issue 143


Fedora Weekly News Issue 143
============================

Welcome to Fedora Weekly News Issue 143 for the week ending September 7,
2008.

http://fedoraproject.org/wiki/FWN/Issue143

This week Announcements trumpets the arrival of a new version of Bodhi,
the freeze of Rawhide and some essential reading on the new package
keys. In Developments we shock you with "Non-X System Consoles to be
Removed". Virtualization alerts you to "Virt-manager 0.6.0 Released" and
dives into how developers are "Laying the Groundwork for Xen Domain 0
Support". The ever entertaining Artwork beat examines "How to Select a
Winning Theme" and SecurityAdvisories provides a handy list for your
perusal.

If you are interested in contributing to Fedora Weekly News, please see
our 'join' page[1].

[1] http://fedoraproject.org/wiki/NewsProject/Join

=Announcements=

In this section, we cover announcements from the Fedora Project.

http://www.redhat.com/archives/fedora-announce-list/

http://www.redhat.com/archives/fedora-devel-announce/
(Continue reading)

Permalink | Reply |
headers
Dave Feustel | 15 Sep 13:46

Removing System Consoles from Fedora

On Mon, Sep 15, 2008 at 03:31:18PM +0530, Huzaifa Sidhpurwala wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Fedora Weekly News Issue 143
> ============================
> 
> Welcome to Fedora Weekly News Issue 143 for the week ending September 7,
> 2008.
> 
> http://fedoraproject.org/wiki/FWN/Issue143
> 
> This week Announcements trumpets the arrival of a new version of Bodhi,
> the freeze of Rawhide and some essential reading on the new package
> keys. In Developments we shock you with
>"Non-X System Consoles to be  Removed".

What is the point of removing the System Consoles?

--

-- 
fedora-list mailing list
fedora-list <at> redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Permalink | Reply |
headers
Mike Burger | 15 Sep 15:48

Re: Removing System Consoles from Fedora


> On Mon, Sep 15, 2008 at 03:31:18PM +0530, Huzaifa Sidhpurwala wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Fedora Weekly News Issue 143
>> ============================
>>
>> Welcome to Fedora Weekly News Issue 143 for the week ending September 7,
>> 2008.
>>
>> http://fedoraproject.org/wiki/FWN/Issue143
>>
>> This week Announcements trumpets the arrival of a new version of Bodhi,
>> the freeze of Rawhide and some essential reading on the new package
>> keys. In Developments we shock you with
>>"Non-X System Consoles to be  Removed".
>
> What is the point of removing the System Consoles?

Other than securing the system's keyboard/console from unintended login
attempts?

--

-- 
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org
(Continue reading)

Permalink | Reply |
headers
Dave Feustel | 15 Sep 16:34

Re: Removing System Consoles from Fedora

On Mon, Sep 15, 2008 at 09:48:12AM -0400, Mike Burger wrote:
> 
> > On Mon, Sep 15, 2008 at 03:31:18PM +0530, Huzaifa Sidhpurwala wrote:
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> Fedora Weekly News Issue 143
> >> ============================
> >>
> >> Welcome to Fedora Weekly News Issue 143 for the week ending September 7,
> >> 2008.
> >>
> >> http://fedoraproject.org/wiki/FWN/Issue143
> >>
> >> This week Announcements trumpets the arrival of a new version of Bodhi,
> >> the freeze of Rawhide and some essential reading on the new package
> >> keys. In Developments we shock you with
> >>"Non-X System Consoles to be  Removed".
> >
> > What is the point of removing the System Consoles?
> 
> Other than securing the system's keyboard/console from unintended login
> attempts?

Console logins are the only hope of session security since X seems to have ongoing
vulnerabilities.

--

-- 
fedora-list mailing list
fedora-list <at> redhat.com
(Continue reading)

Permalink | Reply |
headers
Mike Burger | 15 Sep 16:38

Re: Removing System Consoles from Fedora


> On Mon, Sep 15, 2008 at 09:48:12AM -0400, Mike Burger wrote:
>>
>> > On Mon, Sep 15, 2008 at 03:31:18PM +0530, Huzaifa Sidhpurwala wrote:
>> >> -----BEGIN PGP SIGNED MESSAGE-----
>> >> Hash: SHA1
>> >>
>> >> Fedora Weekly News Issue 143
>> >> ============================
>> >>
>> >> Welcome to Fedora Weekly News Issue 143 for the week ending September
>> 7,
>> >> 2008.
>> >>
>> >> http://fedoraproject.org/wiki/FWN/Issue143
>> >>
>> >> This week Announcements trumpets the arrival of a new version of
>> Bodhi,
>> >> the freeze of Rawhide and some essential reading on the new package
>> >> keys. In Developments we shock you with
>> >>"Non-X System Consoles to be  Removed".
>> >
>> > What is the point of removing the System Consoles?
>>
>> Other than securing the system's keyboard/console from unintended login
>> attempts?
>
> Console logins are the only hope of session security since X seems to have
> ongoing
> vulnerabilities.
(Continue reading)

Permalink | Reply |
headers
Dave Feustel | 15 Sep 17:46
Favicon

Re: Removing System Consoles from Fedora

On Mon, Sep 15, 2008 at 10:38:51AM -0400, Mike Burger wrote:
> 
> > On Mon, Sep 15, 2008 at 09:48:12AM -0400, Mike Burger wrote:
> >>
> >> > On Mon, Sep 15, 2008 at 03:31:18PM +0530, Huzaifa Sidhpurwala wrote:
> >> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> >> Hash: SHA1
> >> >>
> >> >> Fedora Weekly News Issue 143
> >> >> ============================
> >> >>
> >> >> Welcome to Fedora Weekly News Issue 143 for the week ending September
> >> 7,
> >> >> 2008.
> >> >>
> >> >> http://fedoraproject.org/wiki/FWN/Issue143
> >> >>
> >> >> This week Announcements trumpets the arrival of a new version of
> >> Bodhi,
> >> >> the freeze of Rawhide and some essential reading on the new package
> >> >> keys. In Developments we shock you with
> >> >>"Non-X System Consoles to be  Removed".
> >> >
> >> > What is the point of removing the System Consoles?
> >>
> >> Other than securing the system's keyboard/console from unintended login
> >> attempts?
> >
> > Console logins are the only hope of session security since X seems to have
> > ongoing
(Continue reading)

Permalink | Reply |
headers
Andrew Parker | 15 Sep 17:55

Re: Removing System Consoles from Fedora

On Mon, Sep 15, 2008 at 10:38 AM, Mike Burger <mburger <at> bubbanfriends.org> wrote:
>
>> On Mon, Sep 15, 2008 at 09:48:12AM -0400, Mike Burger wrote:
>>>
>>> > On Mon, Sep 15, 2008 at 03:31:18PM +0530, Huzaifa Sidhpurwala wrote:
>>> >> http://fedoraproject.org/wiki/FWN/Issue143
>>> >>
>>> >> This week Announcements trumpets the arrival of a new version of
>>> Bodhi,
>>> >> the freeze of Rawhide and some essential reading on the new package
>>> >> keys. In Developments we shock you with
>>> >>"Non-X System Consoles to be  Removed".
>>> >
>>> > What is the point of removing the System Consoles?
>>>
>>> Other than securing the system's keyboard/console from unintended login
>>> attempts?
>>
>> Console logins are the only hope of session security since X seems to have
>> ongoing
>> vulnerabilities.
>
> It's probably more of an issue with the system consoles being accessible
> by anyone who can enter into the room where the servers are located.
>

It is the virtual terminals, its nothing to do with physical access to
the hosts.  The reasoning is that some features don't work in some
locales, and its not being maintained any more.
(Continue reading)

Permalink | Reply |
headers
Tim | 16 Sep 06:54

Re: Removing System Consoles from Fedora

On Mon, 2008-09-15 at 11:55 -0400, Andrew Parker wrote:
> It is the virtual terminals, its nothing to do with physical access to
> the hosts.  The reasoning is that some features don't work in some
> locales, and its not being maintained any more.

I just hope that this /improvement/ is just as described - removing them
as a default, and it still being an option that we can put them back on,
if we want to.  I've certainly needed to make use of them from time to
time.

One of the good things about *ix has been the terminals.  For instance,
we can read them as the computer boots up and shuts down.  If something
gets stuck, we can see what it was.  Unlike with Windows, where you
stare at a blank screen, waiting for it to complete, with no clue as to
what's holding things up.

And, one can switch to another terminal, and wrest control back from
something that's gone doolally.

-- 
[tim <at> localhost ~]$ uname -r
2.6.25.14-108.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.

--

-- 
fedora-list mailing list
fedora-list <at> redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
(Continue reading)

Permalink | Reply |
headers
Tom Horsley | 16 Sep 00:36
Favicon

Re: Removing System Consoles from Fedora

On Mon, 15 Sep 2008 09:48:12 -0400 (EDT)
"Mike Burger" <mburger <at> bubbanfriends.org> wrote:

> > What is the point of removing the System Consoles?  
> 
> Other than securing the system's keyboard/console from unintended login
> attempts?

Erasing the disk could also secure the system from unintended logins :-).

--

-- 
fedora-list mailing list
fedora-list <at> redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Permalink | Reply |
headers
Mike Burger | 16 Sep 06:11

Re: Removing System Consoles from Fedora


> On Mon, 15 Sep 2008 09:48:12 -0400 (EDT)
> "Mike Burger" <mburger <at> bubbanfriends.org> wrote:
>
>> > What is the point of removing the System Consoles?
>>
>> Other than securing the system's keyboard/console from unintended login
>> attempts?
>
> Erasing the disk could also secure the system from unintended logins :-).

To be sure...but the deleterious effects of such security would render the
discussion moot. ;-)
-- 
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org

To be notified of updates to the web site, visit:

https://www.bubbanfriends.org/mailman/listinfo/site-update

or send a blank email message to:

site-update-subscribe <at> bubbanfriends.org

--

-- 
fedora-list mailing list
(Continue reading)

Permalink | Reply |
headers
Timothy Murphy | 15 Sep 23:50
Favicon

Re: Removing System Consoles from Fedora

Mike Burger wrote:

>> What is the point of removing the System Consoles?
> 
> Other than securing the system's keyboard/console from unintended login
> attempts?

What exactly does this mean?
How does one make a login attempt without intending to?

-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

--

-- 
fedora-list mailing list
fedora-list <at> redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Permalink | Reply |
headers
Mike Burger | 16 Sep 06:10

Re: Removing System Consoles from Fedora


> Mike Burger wrote:
>
>>> What is the point of removing the System Consoles?
>>
>> Other than securing the system's keyboard/console from unintended login
>> attempts?
>
> What exactly does this mean?
> How does one make a login attempt without intending to?

Sorry...allow me to be more clear:

It would prevent attempts to access the system, at the console, by
unauthorized persons who might otherwise have physical access to the box,
but were not intended, by the system administrator, to actually have
access to login to the system.

I'm not saying I agree with it...just that I understand the thinking
behind the question.

--

-- 
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org

To be notified of updates to the web site, visit:
(Continue reading)

Permalink | Reply |
headers
Steve Repo | 16 Sep 06:18

Re: Removing System Consoles from Fedora

On Tue, Sep 16, 2008 at 9:40 AM, Mike Burger <mburger <at> bubbanfriends.org> wrote:
>
>> Mike Burger wrote:
>>
>>>> What is the point of removing the System Consoles?
>>>
>>> Other than securing the system's keyboard/console from unintended login
>>> attempts?
>>
>> What exactly does this mean?
>> How does one make a login attempt without intending to?
>
> Sorry...allow me to be more clear:
>
> It would prevent attempts to access the system, at the console, by
> unauthorized persons who might otherwise have physical access to the box,
> but were not intended, by the system administrator, to actually have
> access to login to the system.
>
> I'm not saying I agree with it...just that I understand the thinking
> behind the question.
>

I thought thats what passwords were for?

Steve

--

-- 
fedora-list mailing list
fedora-list <at> redhat.com
(Continue reading)

Permalink | Reply |
headers
Mike Burger | 16 Sep 14:28

Re: Removing System Consoles from Fedora


> On Tue, Sep 16, 2008 at 9:40 AM, Mike Burger <mburger <at> bubbanfriends.org>
> wrote:
>>
>>> Mike Burger wrote:
>>>
>>>>> What is the point of removing the System Consoles?
>>>>
>>>> Other than securing the system's keyboard/console from unintended
>>>> login
>>>> attempts?
>>>
>>> What exactly does this mean?
>>> How does one make a login attempt without intending to?
>>
>> Sorry...allow me to be more clear:
>>
>> It would prevent attempts to access the system, at the console, by
>> unauthorized persons who might otherwise have physical access to the
>> box,
>> but were not intended, by the system administrator, to actually have
>> access to login to the system.
>>
>> I'm not saying I agree with it...just that I understand the thinking
>> behind the question.
>>
>
> I thought thats what passwords were for?

Passwords *can* be cracked/hacked/obtained by unscrupulous individuals.
(Continue reading)

Permalink | Reply |
headers
Andrew Parker | 16 Sep 14:51

Re: Removing System Consoles from Fedora

On Tue, Sep 16, 2008 at 8:28 AM, Mike Burger <mburger <at> bubbanfriends.org> wrote:
>
>> On Tue, Sep 16, 2008 at 9:40 AM, Mike Burger <mburger <at> bubbanfriends.org>
>> wrote:
>>>
>>>> Mike Burger wrote:
>>>>
>>>>>> What is the point of removing the System Consoles?
>>>>>
>>>>> Other than securing the system's keyboard/console from unintended
>>>>> login
>>>>> attempts?
>>>>
>>>> What exactly does this mean?
>>>> How does one make a login attempt without intending to?
>>>
>>> Sorry...allow me to be more clear:
>>>
>>> It would prevent attempts to access the system, at the console, by
>>> unauthorized persons who might otherwise have physical access to the
>>> box,
>>> but were not intended, by the system administrator, to actually have
>>> access to login to the system.
>>>
>>> I'm not saying I agree with it...just that I understand the thinking
>>> behind the question.
>>>
>>
>> I thought thats what passwords were for?
>
(Continue reading)

Permalink | Reply |
headers
Mike Burger | 16 Sep 14:58

Re: Removing System Consoles from Fedora


> On Tue, Sep 16, 2008 at 8:28 AM, Mike Burger <mburger <at> bubbanfriends.org>
> wrote:
>>
>>> On Tue, Sep 16, 2008 at 9:40 AM, Mike Burger
>>> <mburger <at> bubbanfriends.org>
>>> wrote:
>>>>
>>>>> Mike Burger wrote:
>>>>>
>>>>>>> What is the point of removing the System Consoles?
>>>>>>
>>>>>> Other than securing the system's keyboard/console from unintended
>>>>>> login
>>>>>> attempts?
>>>>>
>>>>> What exactly does this mean?
>>>>> How does one make a login attempt without intending to?
>>>>
>>>> Sorry...allow me to be more clear:
>>>>
>>>> It would prevent attempts to access the system, at the console, by
>>>> unauthorized persons who might otherwise have physical access to the
>>>> box,
>>>> but were not intended, by the system administrator, to actually have
>>>> access to login to the system.
>>>>
>>>> I'm not saying I agree with it...just that I understand the thinking
>>>> behind the question.
>>>>
(Continue reading)

Permalink | Reply |
headers
Andrew Parker | 16 Sep 15:03

Re: Removing System Consoles from Fedora

On Tue, Sep 16, 2008 at 8:58 AM, Mike Burger <mburger <at> bubbanfriends.org> wrote:
>
>> On Tue, Sep 16, 2008 at 8:28 AM, Mike Burger <mburger <at> bubbanfriends.org>
>> wrote:
>>>
>>>> On Tue, Sep 16, 2008 at 9:40 AM, Mike Burger
>>>> <mburger <at> bubbanfriends.org>
>>>> wrote:
>>>>>
>>>>>> Mike Burger wrote:
>>>>>>
>>>>>>>> What is the point of removing the System Consoles?
>>>>>>>
>>>>>>> Other than securing the system's keyboard/console from unintended
>>>>>>> login
>>>>>>> attempts?
>>>>>>
>>>>>> What exactly does this mean?
>>>>>> How does one make a login attempt without intending to?
>>>>>
>>>>> Sorry...allow me to be more clear:
>>>>>
>>>>> It would prevent attempts to access the system, at the console, by
>>>>> unauthorized persons who might otherwise have physical access to the
>>>>> box,
>>>>> but were not intended, by the system administrator, to actually have
>>>>> access to login to the system.
>>>>>
>>>>> I'm not saying I agree with it...just that I understand the thinking
>>>>> behind the question.
(Continue reading)

Permalink | Reply |
headers
Mike Burger | 16 Sep 15:11

Re: Removing System Consoles from Fedora


> On Tue, Sep 16, 2008 at 8:58 AM, Mike Burger <mburger <at> bubbanfriends.org>
> wrote:
>>
>>> On Tue, Sep 16, 2008 at 8:28 AM, Mike Burger
>>> <mburger <at> bubbanfriends.org>
>>> wrote:
>>>>
>>>>> On Tue, Sep 16, 2008 at 9:40 AM, Mike Burger
>>>>> <mburger <at> bubbanfriends.org>
>>>>> wrote:
>>>>>>
>>>>>>> Mike Burger wrote:
>>>>>>>
>>>>>>>>> What is the point of removing the System Consoles?
>>>>>>>>
>>>>>>>> Other than securing the system's keyboard/console from unintended
>>>>>>>> login
>>>>>>>> attempts?
>>>>>>>
>>>>>>> What exactly does this mean?
>>>>>>> How does one make a login attempt without intending to?
>>>>>>
>>>>>> Sorry...allow me to be more clear:
>>>>>>
>>>>>> It would prevent attempts to access the system, at the console, by
>>>>>> unauthorized persons who might otherwise have physical access to the
>>>>>> box,
>>>>>> but were not intended, by the system administrator, to actually have
>>>>>> access to login to the system.
(Continue reading)

Permalink | Reply |
headers
Patrick O'Callaghan | 16 Sep 16:04

Re: Removing System Consoles from Fedora

On Tue, 2008-09-16 at 09:11 -0400, Mike Burger wrote:
> As I said...I don't agree with it...I'm just saying that I understand
> the thinking behind it.

Sorry, but I think you don't. You might want to read Alan Cox's message
on the fedora-test list:
https://www.redhat.com/archives/fedora-test-list/2008-September/msg00314.html which
indicates that the motivation is much more to do with cleaning up code and APIs. I fact security isn't mentioned.

poc

--

-- 
fedora-list mailing list
fedora-list <at> redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Permalink | Reply |
headers
Lyvim Xaphir | 16 Sep 16:40
Favicon

Re: Removing System Consoles from Fedora


On Tue, 2008-09-16 at 09:34 -0430, Patrick O'Callaghan wrote:
> On Tue, 2008-09-16 at 09:11 -0400, Mike Burger wrote:
> > As I said...I don't agree with it...I'm just saying that I understand
> > the thinking behind it.
> 
> Sorry, but I think you don't. You might want to read Alan Cox's message
> on the fedora-test list:
> https://www.redhat.com/archives/fedora-test-list/2008-September/msg00314.html which
indicates that the motivation is much more to do with cleaning up code and APIs. I fact security isn't mentioned.
> 
> poc
> 

It's still a stupid idea.  There's no good reason to get rid of the vt
consoles; they've been there for a very long time on rh, I use them all
the time.  As does alot of other people.  As one other user pointed out
on the link that *you provided, the lack of vt consoles is the number
one problem with another distro, according to it's users.

LX

--

-- 
fedora-list mailing list
fedora-list <at> redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Permalink | Reply |
headers
Patrick O'Callaghan | 16 Sep 17:22

Re: Removing System Consoles from Fedora

On Tue, 2008-09-16 at 10:40 -0400, Lyvim Xaphir wrote:
> On Tue, 2008-09-16 at 09:34 -0430, Patrick O'Callaghan wrote:
> > On Tue, 2008-09-16 at 09:11 -0400, Mike Burger wrote:
> > > As I said...I don't agree with it...I'm just saying that I understand
> > > the thinking behind it.
> > 
> > Sorry, but I think you don't. You might want to read Alan Cox's message
> > on the fedora-test list:
> > https://www.redhat.com/archives/fedora-test-list/2008-September/msg00314.html which
indicates that the motivation is much more to do with cleaning up code and APIs. I fact security isn't mentioned.
> > 
> > poc
> > 
> 
> 
> It's still a stupid idea.  There's no good reason to get rid of the vt
> consoles; they've been there for a very long time on rh, I use them all
> the time.  As does alot of other people.  As one other user pointed out
> on the link that *you provided, the lack of vt consoles is the number
> one problem with another distro, according to it's users.

AFAIK no-one is suggesting simply getting rid of the VT consoles without
substituting something else. That would be a dumb idea and I doubt it's
being considered. Alan's message enumerates the uses of VT and it's
clear that these uses aren't going to go away. He even says this
explicitly.

poc

--

--
(Continue reading)

Permalink | Reply |
headers
Rick Stevens | 16 Sep 19:20

Re: Removing System Consoles from Fedora

Lyvim Xaphir wrote:
> On Tue, 2008-09-16 at 09:34 -0430, Patrick O'Callaghan wrote:
>> On Tue, 2008-09-16 at 09:11 -0400, Mike Burger wrote:
>>> As I said...I don't agree with it...I'm just saying that I understand
>>> the thinking behind it.
>> Sorry, but I think you don't. You might want to read Alan Cox's message
>> on the fedora-test list:
>> https://www.redhat.com/archives/fedora-test-list/2008-September/msg00314.html which
indicates that the motivation is much more to do with cleaning up code and APIs. I fact security isn't mentioned.
>>
>> poc
>>
> 
> 
> It's still a stupid idea.  There's no good reason to get rid of the vt
> consoles; they've been there for a very long time on rh, I use them all
> the time.  As does alot of other people.  As one other user pointed out
> on the link that *you provided, the lack of vt consoles is the number
> one problem with another distro, according to it's users.

There are reasons for disabling consoles, however the term "good" is
subjective.  For example, PCI compliance says that you must render the
machines as physically difficult to get into as you can.  We, for
example, do the following:

1. Machines do not have X installed and boot to run level 3
2. /etc/inittab modified to NOT spawn gettys on the VTs
3. /etc/inittab spaws serial port getty connected to a serial KVM
4. grub configured to also use the serial port for its console
(Continue reading)

Permalink | Reply |
headers
Tom Horsley | 16 Sep 19:32
Favicon

Re: Removing System Consoles from Fedora

On Tue, 16 Sep 2008 10:20:06 -0700
Rick Stevens <ricks <at> nerd.com> wrote:

> For example, PCI compliance says that you must render the
> machines as physically difficult to get into as you can.

So, you let the Italian Communist Party dictate what you
do? :-).

--

-- 
fedora-list mailing list
fedora-list <at> redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Permalink | Reply |
headers
Rick Stevens | 16 Sep 19:45

Re: Removing System Consoles from Fedora

Tom Horsley wrote:
> On Tue, 16 Sep 2008 10:20:06 -0700
> Rick Stevens <ricks <at> nerd.com> wrote:
> 
>> For example, PCI compliance says that you must render the
>> machines as physically difficult to get into as you can.
> 
> So, you let the Italian Communist Party dictate what you
> do? :-).

That's what I love about acronyms...they can mean anything! ;-)
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                       rps2 <at> nerd.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-   Errors have occurred. We won't tell you where or why.  We have   -
-                         lazy programmers.                          -
----------------------------------------------------------------------

--

-- 
fedora-list mailing list
fedora-list <at> redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Permalink | Reply |
headers
Dave Feustel | 16 Sep 20:11

Re: Removing System Consoles from Fedora

On Tue, Sep 16, 2008 at 10:20:06AM -0700, Rick Stevens wrote:
> Lyvim Xaphir wrote:
>> On Tue, 2008-09-16 at 09:34 -0430, Patrick O'Callaghan wrote:
>>> On Tue, 2008-09-16 at 09:11 -0400, Mike Burger wrote:
>>>> As I said...I don't agree with it...I'm just saying that I understand
>>>> the thinking behind it.
>>> Sorry, but I think you don't. You might want to read Alan Cox's message
>>> on the fedora-test list:
>>> https://www.redhat.com/archives/fedora-test-list/2008-September/msg00314.html which
indicates that the motivation is much more to do with cleaning up code and APIs. I fact security isn't mentioned.
>>>
>>> poc
>>>
>>
>>
>> It's still a stupid idea.  There's no good reason to get rid of the vt
>> consoles; they've been there for a very long time on rh, I use them all
>> the time.  As does alot of other people.  As one other user pointed out
>> on the link that *you provided, the lack of vt consoles is the number
>> one problem with another distro, according to it's users.
>
> There are reasons for disabling consoles, however the term "good" is
> subjective.  For example, PCI compliance says that you must render the
> machines as physically difficult to get into as you can.  We, for
> example, do the following:
>
> 1. Machines do not have X installed and boot to run level 3

Having spent some time running X on OpenBSD, FreeBSD, Fedora, and now SUSE 11,
I am convinced that using X on any of these platforms enables exploits that
(Continue reading)

Permalink | Reply |
headers
Rick Stevens | 17 Sep 02:50

Re: Removing System Consoles from Fedora

Dave Feustel wrote:
[snip]
>> 1. Machines do not have X installed and boot to run level 3
> 
> Having spent some time running X on OpenBSD, FreeBSD, Fedora, and now SUSE 11,
> I am convinced that using X on any of these platforms enables exploits that
> cannot be disabled.  You cannot have both security and X. Take your pick. I do
> not log in as root in X for any reason since there are ways in X to listen in
> on keyboard communications and capture passwords. So far as I have been able to
> tell, this is not possible with non-X console io.

ANYTHING over the net can be hacked, given enough CPU cycles and time.
You can mitigate it requiring everything be heavily encrypted (including
X).  It's not perfect, but it's as close as you're going to get.  There
is such a thing as making a machine so secure it's unmanageable.

>> 2. /etc/inittab modified to NOT spawn gettys on the VTs
>> 3. /etc/inittab spaws serial port getty connected to a serial KVM
>> 4. grub configured to also use the serial port for its console
>>
>> This is in addition to them being in cage with a deadbolt lock on the
>> door, and the cage being in a data center with physical access
>> restrictions, cardkey access and video surveillance.  Yes, it's a bit
>> onerous, but it is required.  Whether you think they're "good reasons"
>> is irrelevant.
> 
> I have read that Congress passed a law in 1995 mandating undetectable
> hardware access to all computers connected to the internet.

The law, IIRC, was held unconstitutional and the US Attorney stated that
(Continue reading)

Permalink | Reply |
headers
Dave Feustel | 17 Sep 04:30

Re: Removing System Consoles from Fedora

On Tue, Sep 16, 2008 at 05:50:18PM -0700, Rick Stevens wrote:
> Dave Feustel wrote:
> [snip]
>>> 1. Machines do not have X installed and boot to run level 3

I did not write the above point 1.
I did write the following:

>> Having spent some time running X on OpenBSD, FreeBSD, Fedora, and now SUSE 11,
>> I am convinced that using X on any of these platforms enables exploits that
>> cannot be disabled.  You cannot have both security and X. Take your pick. I do
>> not log in as root in X for any reason since there are ways in X to listen in
>> on keyboard communications and capture passwords. So far as I have been able to
>> tell, this is not possible with non-X console io.
>
> ANYTHING over the net can be hacked, given enough CPU cycles and time.
> You can mitigate it requiring everything be heavily encrypted (including
> X).  It's not perfect, but it's as close as you're going to get.  There
> is such a thing as making a machine so secure it's unmanageable.

I did not write the following:

>>> 2. /etc/inittab modified to NOT spawn gettys on the VTs
>>> 3. /etc/inittab spaws serial port getty connected to a serial KVM
>>> 4. grub configured to also use the serial port for its console
>>>
>>> This is in addition to them being in cage with a deadbolt lock on the
>>> door, and the cage being in a data center with physical access
>>> restrictions, cardkey access and video surveillance.  Yes, it's a bit
>>> onerous, but it is required.  Whether you think they're "good reasons"
(Continue reading)

Permalink | Reply |
headers
Mikkel L. Ellertson | 17 Sep 22:56
Favicon

Re: Removing System Consoles from Fedora

Dave Feustel wrote:
> 
> Having spent some time running X on OpenBSD, FreeBSD, Fedora, and now SUSE 11,
> I am convinced that using X on any of these platforms enables exploits that
> cannot be disabled.  You cannot have both security and X. Take your pick. I do
> not log in as root in X for any reason since there are ways in X to listen in
> on keyboard communications and capture passwords. So far as I have been able to
> tell, this is not possible with non-X console io.
> 
This is much harder to do with current versions of X. Unless you
disable authorization, the X server will only talk to programs
started by the user logged into the console. This includes logging
into the cli as the user. (It is possible to do it as the user, or
root, with some extra work.)

As for reading a cli keyboard, you may want to look at the keybdev
as well as the different keyboard drivers. I am not sure if it would
be easier to modify one the keyboard drivers, or interface with
keybdev - both look promising.

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!


--

-- 
fedora-list mailing list
(Continue reading)

Permalink | Reply |
headers
Mike Burger | 16 Sep 18:02

Re: Removing System Consoles from Fedora


> On Tue, 2008-09-16 at 09:11 -0400, Mike Burger wrote:
>> As I said...I don't agree with it...I'm just saying that I understand
>> the thinking behind it.
>
> Sorry, but I think you don't. You might want to read Alan Cox's message
> on the fedora-test list:
> https://www.redhat.com/archives/fedora-test-list/2008-September/msg00314.html
> which indicates that the motivation is much more to do with cleaning up
> code and APIs. I fact security isn't mentioned.

Now, I'm going to have to go back to the archives, and reread the start of
this thread.  I thought that the original poster was asking about doing
so, not about the developers looking to do so.

If I missed something in that, and that was not the original poster's
question, then I stand corrected.

--

-- 
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org

To be notified of updates to the web site, visit:

https://www.bubbanfriends.org/mailman/listinfo/site-update

or send a blank email message to:
(Continue reading)

Permalink | Reply |
headers
Bob Barrett | 16 Sep 19:17
Favicon

Re: Removing System Consoles from Fedora

Mike Burger wrote:
>> On Tue, 2008-09-16 at 09:11 -0400, Mike Burger wrote:
>>     
>>> As I said...I don't agree with it...I'm just saying that I understand
>>> the thinking behind it.
>>>       
>> Sorry, but I think you don't. You might want to read Alan Cox's message
>> on the fedora-test list:
>> https://www.redhat.com/archives/fedora-test-list/2008-September/msg00314.html
>> which indicates that the motivation is much more to do with cleaning up
>> code and APIs. I fact security isn't mentioned.
>>     
>
> Now, I'm going to have to go back to the archives, and reread the start of
> this thread.  I thought that the original poster was asking about doing
> so, not about the developers looking to do so.
>
> If I missed something in that, and that was not the original poster's
> question, then I stand corrected.
>
>   
The OP asked the question:

  "What is the point of removing the System Consoles?"

after referencing:

  http://fedoraproject.org/wiki/FWN/Issue143

Quote:
(Continue reading)

Permalink | Reply |
headers
Mike Burger | 16 Sep 19:20

Re: Removing System Consoles from Fedora


> Mike Burger wrote:
>>> On Tue, 2008-09-16 at 09:11 -0400, Mike Burger wrote:
>>>
>>>> As I said...I don't agree with it...I'm just saying that I understand
>>>> the thinking behind it.
>>>>
>>> Sorry, but I think you don't. You might want to read Alan Cox's message
>>> on the fedora-test list:
>>> https://www.redhat.com/archives/fedora-test-list/2008-September/msg00314.html
>>> which indicates that the motivation is much more to do with cleaning up
>>> code and APIs. I fact security isn't mentioned.
>>>
>>
>> Now, I'm going to have to go back to the archives, and reread the start
>> of
>> this thread.  I thought that the original poster was asking about doing
>> so, not about the developers looking to do so.
>>
>> If I missed something in that, and that was not the original poster's
>> question, then I stand corrected.
>>
>>
> The OP asked the question:
>
>   "What is the point of removing the System Consoles?"
>
> after referencing:
>
>   http://fedoraproject.org/wiki/FWN/Issue143
(Continue reading)

Permalink | Reply |
headers
Steven Stern | 18 Sep 01:14
Favicon

Re: Removing System Consoles from Fedora


On 09/15/2008 06:46 AM, Dave Feustel wrote:
> On Mon, Sep 15, 2008 at 03:31:18PM +0530, Huzaifa Sidhpurwala wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Fedora Weekly News Issue 143
>> ============================
>>
>> Welcome to Fedora Weekly News Issue 143 for the week ending September 7,
>> 2008.
>>
>> http://fedoraproject.org/wiki/FWN/Issue143
>>
>> This week Announcements trumpets the arrival of a new version of Bodhi,
>> the freeze of Rawhide and some essential reading on the new package
>> keys. In Developments we shock you with
>> "Non-X System Consoles to be  Removed".
> 
> What is the point of removing the System Consoles?
> 
> 
Does this mean removing the console at ctrl-alt-F1?

--

  Steve
Permalink | Reply |
headers
Aldo Foot | 18 Sep 02:07

Re: Removing System Consoles from Fedora

>>> http://fedoraproject.org/wiki/FWN/Issue143
>>>
>>> This week Announcements trumpets the arrival of a new version of Bodhi,
>>> the freeze of Rawhide and some essential reading on the new package
>>> keys. In Developments we shock you with
>>> "Non-X System Consoles to be  Removed".
>>
>> What is the point of removing the System Consoles?
>>
>>
> Does this mean removing the console at ctrl-alt-F1?

That's what I've gathered so far.
So now, what's going to be? There won't be any vt's when
the X-Windows is running and if you press ctrl-alt-backspace
you'll be drop to a text login?

~af

--

-- 
fedora-list mailing list
fedora-list <at> redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Permalink | Reply |
headers
Rahul Sundaram | 18 Sep 02:14
Favicon

Re: Removing System Consoles from Fedora

Aldo Foot wrote:
>>>> http://fedoraproject.org/wiki/FWN/Issue143
>>>>
>>>> This week Announcements trumpets the arrival of a new version of Bodhi,
>>>> the freeze of Rawhide and some essential reading on the new package
>>>> keys. In Developments we shock you with
>>>> "Non-X System Consoles to be  Removed".
>>> What is the point of removing the System Consoles?
>>>
>>>
>> Does this mean removing the console at ctrl-alt-F1?
> 
> That's what I've gathered so far.

You have gathered incorrectly. This whole thread is based on 
misconceptions. Read

https://www.redhat.com/archives/fedora-devel-list/2008-September/msg01417.html

This is nothing new and how some other distributions have done things 
for several years now. Move on folks.

Rahul

--

-- 
fedora-list mailing list
fedora-list <at> redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
(Continue reading)

Permalink | Reply |
headers
Aldo Foot | 18 Sep 02:50

Re: Removing System Consoles from Fedora

On Wed, Sep 17, 2008 at 5:14 PM, Rahul Sundaram
<sundaram <at> fedoraproject.org> wrote:
> Aldo Foot wrote:
>>>>>
>>>>> http://fedoraproject.org/wiki/FWN/Issue143
>>>>>
>>>>> This week Announcements trumpets the arrival of a new version of Bodhi,
>>>>> the freeze of Rawhide and some essential reading on the new package
>>>>> keys. In Developments we shock you with
>>>>> "Non-X System Consoles to be  Removed".
>>>>
>>>> What is the point of removing the System Consoles?
>>>>
>>>>
>>> Does this mean removing the console at ctrl-alt-F1?
>>
>> That's what I've gathered so far.
>
> You have gathered incorrectly. This whole thread is based on misconceptions.
> Read
>
> https://www.redhat.com/archives/fedora-devel-list/2008-September/msg01417.html
>
> This is nothing new and how some other distributions have done things for
> several years now. Move on folks.
>
> Rahul
>

Thanks for the clarification. I'll have to keep an eye on the fedora-devel-list.
(Continue reading)

Permalink | Reply |

Gmane