Announcement

Collapse
No announcement yet.

Clear Linux Moving Ahead With Blocking dmesg Access For Non-Root Users

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by debianxfce View Post

    "Since Wednesday’s post went live, AV detection rates have grown, but at the time Ars published this article, the rates still remained low. Depending on the file being analyzed, the rates ranged from two to 13, out of 59 AV engines tracked."

    Most virus scanners will find it soon. ClamAV updates virus images very often. Japanese are good.
    Of course the AV scanners will add a signature for it sooner or later but since the geist of your link was that it wasn't detected by any AV:s yet it was a very very strange link to use in order to promote AV scanners!

    For the shell scrip in question to work a user have to receive it via e.g e-mail and then deliberately execute it so the fact that there exists infections in the wild tells a story that there exists some mighty stupid admins/users out there.

    Comment


    • #22
      Originally posted by Panda_Wrist View Post
      Michael unapproved post replying to debianxfce
      That gives me an idea: if their posts required manual approval, it might also make things calmer.

      Comment


      • #23
        Originally posted by Panda_Wrist View Post

        You know I loved your stupid non sense posts, trying to tell everyone that everything you think is right and if they think differently at all then they are stupid dumb ass internet trolls. Those post were so much fun to read. That was because you were just giving out harmless opinions that if people would follow wouldn't cause any damage. But when you try stating your "facts" as you like to call everything you say, by telling people to disable their security in the name of security, you are giving out horrible wrong incorrect advise that is dangerous.

        And funny how you finally respond to one of my posts that don't say anything about having Michael benchmark your "distro" Could it be that you don't have one? or that you are scared that it will do horrible in the benchmarks? That your 'setup' won't win every test? Or is it that you don't actually use the bullshit you spout? I think its the last one. I bet you are a gnome3 systemd redhat loving user. Why else won't you provide your "distro" for Michael to benchmark. I'm sure he would do it just because he knows that that benchmark would get killer views proving that you are wrong with your setup being the best.

        Also never give out "security" advise again. some one might actually listen to you and that would be bad.
        He does have a valid point though. Censorship is never the right answer. What he/she says might be stupid and objectively wrong, but the appropriate response is not to forcibly silence him/her.

        Also I'm sick of hearing about how debianxfce should be banned or whatever. That's clearly not going to happen and it's neither the first nor last time someone is wrong on the internet. Deal with it.

        Comment


        • #24
          Originally posted by Mark Rose View Post

          People like me use it. It's also relevant in that it pushes performance, which leads to other distros making the same optimizations.
          Only if they want to be tied to an Intel chip....

          Comment


          • #25
            Originally posted by Konstantin A. View Post
            So according to Intel, dmesg poses a security risk. Look here, since May 29th. Hardware mitigation on new Intel CPU is a placebo. New security hole discovered.

            https://arxiv.org/abs/1905.12701
            Yes, but it doesn't affect AMD or ARM. Amazing!

            Comment


            • #26
              Originally posted by Konstantin A. View Post
              So according to Intel, dmesg poses a security risk. Look here, since May 29th. Hardware mitigation on new Intel CPU is a placebo. New security hole discovered.

              https://arxiv.org/abs/1905.12701
              It's an interesting paper, especially this (Kernel address space randomization) :
              "
              Experimental Setup.

              We evaluate Fallout on two Intel machines, a Kaby Lake i7-7600U and a Coffee Lake R i9-9900K. Both machines run a fully updated Ubuntu 16.04 system, with all countermeasures in their default configuration.
              On both systems, we empirically test the possible locations on the kernel in its address space obtaining about 490 locations, implying about 9 bits of entropy.

              Experimental Results.

              We run the attack 1000 times each, on both the Kaby Lake and the Coffee Lake machines. Our attack can recover the kernel location with 100% accuracy on both machines, within about 0.27 seconds
              "

              Comment


              • #27
                Originally posted by Bsdisbetter View Post

                Only if they want to be tied to an Intel chip....
                FYI: works the same on Ryzen too

                Comment


                • #28
                  Originally posted by Bsdisbetter View Post

                  It's an interesting paper, especially this (Kernel address space randomization) :
                  Ubuntu 16.04?

                  Are we sure they aren't just proving Canonical sucks at backporting security patches to their older kernels?

                  Comment


                  • #29
                    Originally posted by Djhg2000 View Post
                    He does have a valid point though. Censorship is never the right answer. What he/she says might be stupid and objectively wrong, but the appropriate response is not to forcibly silence him/her.
                    Ah, here we go again.


                    Comment


                    • #30
                      Originally posted by starshipeleven View Post
                      Ah, here we go again.

                      Free speech as a law exists because we used to morally align with it as a concept, not the other way around. If you need a law to accept free speech as a concept then it just means you're more authoritarian than liberal.

                      Comment

                      Working...
                      X