[arch-general] arch-general Digest, Vol 61, Issue 39

jelle van der waa jellevdwaa at gmail.com
Wed Nov 18 09:36:02 EST 2009


Re: We need a maintained-by-TU chrome/chromium... (Juan Diego)

There are enough arch user maintained repo's, you could ask them to package
it beside that how much work is AUR ;)

2009/11/18 <arch-general-request at archlinux.org>

> Send arch-general mailing list submissions to
>        arch-general at archlinux.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        http://mailman.archlinux.org/mailman/listinfo/arch-general
> or, via email, send a message with subject or body 'help' to
>        arch-general-request at archlinux.org
>
> You can reach the person managing the list at
>        arch-general-owner at archlinux.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of arch-general digest..."
>
>
> Today's Topics:
>
>   1. Re: MUA (Alexandr Bashmakov)
>   2. Re: pam settings INSECURE (bender02)
>   3. Re: pam settings INSECURE (Xavier)
>   4. Re: pam settings INSECURE (bender02)
>   5. Re: pam settings INSECURE (Jan de Groot)
>   6. We need a maintained-by-TU chrome/chromium... (Hamo)
>   7. Re: pam settings INSECURE (Xavier)
>   8. Re: We need a maintained-by-TU chrome/chromium... (Daenyth Blank)
>   9. Re: We need a maintained-by-TU chrome/chromium... (Juan Diego)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 18 Nov 2009 17:26:04 +0700
> From: Alexandr Bashmakov <alex.teorver at gmail.com>
> Subject: Re: [arch-general] MUA
> To: General Discusson about Arch Linux <arch-general at archlinux.org>
> Message-ID:
>        <7d16d2700911180226q14e0d1bbtf1ad3095687a38a5 at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> http://notmuchmail.org/
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 18 Nov 2009 12:58:46 +0100
> From: bender02 <bender02 at archlinux.us>
> Subject: Re: [arch-general] pam settings INSECURE
> To: General Discusson about Arch Linux <arch-general at archlinux.org>
> Message-ID:
>        <6eefa5460911180358n14f3937esc3a3dea388c09ef3 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> 2009/11/18 Ng Oon-Ee <ngoonee at gmail.com>:
> > The *disadvantage* is that the devs/maintainers have to patch up-stream.
> > This should be kept to a minimum, primarily to reduce their workload,
> > and also because it is ASSUMED that if you use Arch, you're capable of
> > doing the Right Thing (tm) according to your situation, or at least
> > finding out how to.
>
> If you would take the time to look at the packages that are involved
> in this (namely shadow and kdebase-workspace), you'd see that both
> /etc/pam.d/login and /etc/pam.d/kde are manually suplied alongside the
> PKGBUILDs. So in this case, it's not "patching" but straight
> "replacing" the "upstream".
>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 18 Nov 2009 14:07:39 +0100
> From: Xavier <shiningxc at gmail.com>
> Subject: Re: [arch-general] pam settings INSECURE
> To: General Discusson about Arch Linux <arch-general at archlinux.org>
> Message-ID:
>        <91752840911180507l43f7899ncea46da9f73e2e1e at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On Wed, Nov 18, 2009 at 6:40 AM, Caleb Cushing <xenoterracide at gmail.com>
> wrote:
> > so here's the problem I've discovered
> >
> http://xenoterracide.blogspot.com/2009/11/bypassing-disabled-accounts-with-kdm.html
> > < links to arch bug included posting here because I believe both kde's
> > and arch's developers responses are less than satisfactory. This is a
> > security bug an easy to fix without making users lives more difficult.
> >
> > so I'm starting with /etc/pam.d/login
> >
> > auth ? ? ? ?required ? ?pam_shells.so #add this: why let someone login
> > who has an invalid shells.
> >
> >
> > /etc/pam.d/kdm # I'm pretty sure it should be 99% the same as login
> > since it allows logins.
> >
> > #%PAM-1.0
> > auth ? ? ? ?requisite ? pam_nologin.so
> > auth ? ? ? ?required ? ?pam_unix.so nullok
> > auth ? ? ? ?required ? ?pam_shells.so # as my blog says setting an
> > invalid shell is a common way of disabling accounts.
> > auth ? ? ? ?required ? ?pam_tally.so onerr=succeed file=/var/log/faillog
> > # use this to lockout accounts for 10 minutes after 3 failed attempts
> > #auth ? ? ? required ? ?pam_tally.so deny=2 unlock_time=600 onerr=succeed
> file=/
> > account ? ? required ? ?pam_access.so
> > account ? ? required ? ?pam_time.so
> > account ? ? required ? ?pam_unix.so
> > password ? ?required ? ?pam_unix.so
> > #password ? required ? ?pam_cracklib.so difok=2 minlen=8 dcredit=2
> ocredit=2 ret
> > #password ? required ? ?pam_unix.so md5 shadow use_authtok
> > session ? ? required ? ?pam_unix.so
> > session ? ? required ? ?pam_env.so
> > session ? ? required ? ?pam_limits.so
> >
> > also I believe pam_tally2 replaces pam_tally may wish to consider
> > migrating (non urgent next release?)
> >
>
> So basically you just need to add  "auth        required
> pam_shells.so" to all pam files related to login, correct ?
> Or what were the other problematic settings of pam.d/kde ?
>
> The comments about this being an upstream problem are invalid, as
> these pam files are all shipped by arch :
> http://repos.archlinux.org/wsvn/packages/kdebase-workspace/trunk/
> http://repos.archlinux.org/wsvn/packages/shadow/trunk/login
>
> Note that this problem probably exists with all login managers. For
> example gdm does not have pam_shells.so either.
> http://repos.archlinux.org/wsvn/packages/gdm/trunk/
>
> And I am curious to know what the pam settings of other distro are
> (debian,fedora,gentoo,..).
>
> Finally, maybe it makes sense to try keeping all the different pam
> login files as consistent as possible. But I don't know enough about
> pam to tell.
>
>
> ------------------------------
>
> Message: 4
> Date: Wed, 18 Nov 2009 14:17:24 +0100
> From: bender02 <bender02 at archlinux.us>
> Subject: Re: [arch-general] pam settings INSECURE
> To: General Discusson about Arch Linux <arch-general at archlinux.org>
> Message-ID:
>        <6eefa5460911180517m50a1edcbt518c04950f7203bb at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On Wed, Nov 18, 2009 at 2:07 PM, Xavier <shiningxc at gmail.com> wrote:
> > And I am curious to know what the pam settings of other distro are
> > (debian,fedora,gentoo,..).
> >
> > Finally, maybe it makes sense to try keeping all the different pam
> > login files as consistent as possible. But I don't know enough about
> > pam to tell.
>
> Some other distros (opensuse, ubuntu, fedora at least) use
> 'common-auth' (and probably some other 'common-*' files) in
> /etc/pam.d/, which are then included in the particular pam files.
> Hence all pam files are consistent. On the other hand, if you need
> more fine-grained control, you need to edit and consolidate more files
> than with the current arch setup. [I like arch's system better, but
> who cares about that :)]
>
>
> ------------------------------
>
> Message: 5
> Date: Wed, 18 Nov 2009 14:24:24 +0100
> From: Jan de Groot <jan at jgc.homeip.net>
> Subject: Re: [arch-general] pam settings INSECURE
> To: General Discusson about Arch Linux <arch-general at archlinux.org>
> Message-ID: <1258550664.4737.4.camel at jan>
> Content-Type: text/plain; charset="UTF-8"
>
> On Wed, 2009-11-18 at 14:17 +0100, bender02 wrote:
> > On Wed, Nov 18, 2009 at 2:07 PM, Xavier <shiningxc at gmail.com> wrote:
> > > And I am curious to know what the pam settings of other distro are
> > > (debian,fedora,gentoo,..).
> > >
> > > Finally, maybe it makes sense to try keeping all the different pam
> > > login files as consistent as possible. But I don't know enough about
> > > pam to tell.
> >
> > Some other distros (opensuse, ubuntu, fedora at least) use
> > 'common-auth' (and probably some other 'common-*' files) in
> > /etc/pam.d/, which are then included in the particular pam files.
> > Hence all pam files are consistent. On the other hand, if you need
> > more fine-grained control, you need to edit and consolidate more files
> > than with the current arch setup. [I like arch's system better, but
> > who cares about that :)]
>
> The reason for shipping custom pam files is because we don't have
> common-* files in arch. The gdm file is a straight copy from the login
> file, with some added modules for gnome-keyring to get that daemon
> started on login. With common-auth, we could just @include common-auth
> from the pam file, which is much easier.
>
>
>
> ------------------------------
>
> Message: 6
> Date: Wed, 18 Nov 2009 21:48:26 +0800
> From: Hamo <hamo.by at gmail.com>
> Subject: [arch-general] We need a maintained-by-TU chrome/chromium...
> To: arch-general at archlinux.org
> Message-ID:
>        <55b9903b0911180548r19eda9b9x1687aab9085c11eb at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Dear Archlinux users,
> Chrome is likely to be a daily-use web browser and with the Chrome OS
> releasing,it will become more and more reliable.Archlinux is a
> rolling-release distribution and it aims at being bleeding edge.So we
> should have a maintained-by-TU chrome/chromium and it is really
> useful...
>
> --
> Nick Name:Hamo
> Website:http://hamobai.com/
>
>
> ------------------------------
>
> Message: 7
> Date: Wed, 18 Nov 2009 14:52:42 +0100
> From: Xavier <shiningxc at gmail.com>
> Subject: Re: [arch-general] pam settings INSECURE
> To: General Discusson about Arch Linux <arch-general at archlinux.org>
> Message-ID:
>        <91752840911180552u6626b43at10e6e2c7667a2426 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On Wed, Nov 18, 2009 at 2:24 PM, Jan de Groot <jan at jgc.homeip.net> wrote:
> > On Wed, 2009-11-18 at 14:17 +0100, bender02 wrote:
> >> On Wed, Nov 18, 2009 at 2:07 PM, Xavier <shiningxc at gmail.com> wrote:
> >> > And I am curious to know what the pam settings of other distro are
> >> > (debian,fedora,gentoo,..).
> >> >
> >> > Finally, maybe it makes sense to try keeping all the different pam
> >> > login files as consistent as possible. But I don't know enough about
> >> > pam to tell.
> >>
> >> Some other distros (opensuse, ubuntu, fedora at least) use
> >> 'common-auth' (and probably some other 'common-*' files) in
> >> /etc/pam.d/, which are then included in the particular pam files.
> >> Hence all pam files are consistent. On the other hand, if you need
> >> more fine-grained control, you need to edit and consolidate more files
> >> than with the current arch setup. [I like arch's system better, but
> >> who cares about that :)]
> >
> > The reason for shipping custom pam files is because we don't have
> > common-* files in arch. The gdm file is a straight copy from the login
> > file, with some added modules for gnome-keyring to get that daemon
> > started on login. With common-auth, we could just @include common-auth
> > from the pam file, which is much easier.
> >
> >
>
> That sounds good.
> I filed http://bugs.archlinux.org/task/17188
>
>
> ------------------------------
>
> Message: 8
> Date: Wed, 18 Nov 2009 08:54:40 -0500
> From: Daenyth Blank <daenyth+arch at gmail.com <daenyth%2Barch at gmail.com>>
> Subject: Re: [arch-general] We need a maintained-by-TU
>        chrome/chromium...
> To: General Discusson about Arch Linux <arch-general at archlinux.org>
> Message-ID:
>        <ea09a6380911180554w59527b1bg81fd22d94fa75d55 at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> On Wed, Nov 18, 2009 at 08:48, Hamo <hamo.by at gmail.com> wrote:
> > Dear Archlinux users,
> > Chrome is likely to be a daily-use web browser and with the Chrome OS
> > releasing,it will become more and more reliable.Archlinux is a
> > rolling-release distribution and it aims at being bleeding edge.So we
> > should have a maintained-by-TU chrome/chromium and it is really
> > useful...
> >
> If you're interested, I recommend finding a sponsor so that you can
> apply...
>
> There are lots of software projects that would be good to have, but it
> only makes sense to keep them in the repos if someone is interested in
> maintaining them.
>
>
> ------------------------------
>
> Message: 9
> Date: Wed, 18 Nov 2009 23:05:06 +0900
> From: Juan Diego <juantascon at gmail.com>
> Subject: Re: [arch-general] We need a maintained-by-TU
>        chrome/chromium...
> To: General Discusson about Arch Linux <arch-general at archlinux.org>
> Message-ID:
>        <b3095c50911180605h211fe211oee2a7b3902ab482a at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> I would be happy to maintain that package, but unfortunately Im not a TU
>
> dont you think archlinux should have something similar to ppa from
> ubuntu so that it will be easier to maintain and promote personal
> repositories, aur is a good option but if I would have to choose
> between using a packages from aur or using a package from a personal
> repository from somebody I wouldnt think it twice, I would choose the
> personal repo one.
>
> On Wed, Nov 18, 2009 at 10:54 PM, Daenyth Blank <daenyth+arch at gmail.com<daenyth%2Barch at gmail.com>>
> wrote:
> > On Wed, Nov 18, 2009 at 08:48, Hamo <hamo.by at gmail.com> wrote:
> >> Dear Archlinux users,
> >> Chrome is likely to be a daily-use web browser and with the Chrome OS
> >> releasing,it will become more and more reliable.Archlinux is a
> >> rolling-release distribution and it aims at being bleeding edge.So we
> >> should have a maintained-by-TU chrome/chromium and it is really
> >> useful...
> >>
> > If you're interested, I recommend finding a sponsor so that you can
> apply...
> >
> > There are lots of software projects that would be good to have, but it
> > only makes sense to keep them in the repos if someone is interested in
> > maintaining them.
> >
>
>
> ------------------------------
>
> _______________________________________________
> arch-general mailing list
> arch-general at archlinux.org
> http://mailman.archlinux.org/mailman/listinfo/arch-general
>
>
> End of arch-general Digest, Vol 61, Issue 39
> ********************************************
>



-- 
Jelle


More information about the arch-general mailing list