#admin

hackaday@xn--y9azesw6bu.xn--y9a3aq

Major Bug Grants Root for All Major Linux Distributions


One of the major reasons behind choosing Linux as an operating system is that it's much more secure than Windows. There are plenty of reasons for this including appropriate user permissions, installing software from trusted sources and, of course, the fact that most software for Linux including the Linux kernel itself is open source which allows anyone to review the code for vulnerabilities. This doesn't mean that Linux is perfectly secure though, as researchers recently found a major bug in most major Linux distributions that allows anyone to run code as the root user.

The exploit is a memory corruption vulnerability in Polkit, a framework that handles the privilege level of various system processes. It specifically impacts the program pkexec. With the proof-of-concept exploit (file download warning) in hand, all an attacker needs to do to escalate themselves to root is to compile the program on the computer and run it as the default user. An example is shown by [Jim MacDonald] on Twitter for those not willing to try this on their own machines.

As bad as this sounds, it seems as though all of the major distributions that this impacts have already released updates that patch the issue, including Debian, Ubuntu, Red Hat, Fedora, openSUSE, and Arch. There is also a temporary workaround that removes read/write permission from the pkexec program so it can't run at all. That being said, it might be best to check that your Linux systems are all up-to-date and that no strangers have been typing random commands into the terminal recently.

#linuxhacks #securityhacks #admin #exploit #linux #patch #pkexec #polkit #root #security #update #vulnerability

harald@hub.volse.no

Decision on an act amending the Electronic Communications Act (storage of IP addresses, etc.)

As of tomorrow, the amendments above enter into force as law. Has anyone made any assessment of what (if anything) this means for those of us who offer social (and other) network services? For my own part, I consider it of little relevance, since I don't have open registration on my Hubzilla instance. What do others think? Is my assumption reasonable, or is there something I'm overlooking here?

#fødivers #norsk #norge #politikk #datalagring #admin #jus

sylviaj@joindiaspora.com

Tulsi Gabbard ~ Drop the Charges

https://twitter.com/i/status/1470446562845229058

'Efforts to #extradite & #prosecute #journalist #JulianAssange exposes the #hypocrisy of establishment’s mission to “spread democracy.” If #Biden #Admin truly believed in #democracy (including #freedom-of-the-press), he would immediately #drop-the-charges against #Assange.' #FreeAssange #weareallassange #tulsigabbard #gabbard

fr1tz0@diasp.org

Driver doesn't load, shows error code 52 in device manager on Windows 10 x64

If you're automating software and drivers, sometimes it happens that Windows 10 doesn't load a driver. Since MS raised the bar for driver signing and everything security in general to unbelievable heights, there are far fewer problems with rootkits, but way more with drivers.

Even hardware manufacturers such as Nvidia and Intel can't keep up with the current update rate, and hey, who needs QA when you're at one of these firms anyway, and thus, from time to time, un- or wrongly signed non-production beta drivers are being published for end consumers.

You download driver packages, extract them, shove them onto your test share, import them into your endpoint management server system without a problem, automate them and deploy them. DISM grabs them and imports them into the local driver store. After OSD is done, the system is patched and software is installed, all is good. The machine ships to the end customer, the user logs in. The OS activates each and every security subsystem that EFI, Secure Boot, Driverguard etc. pp. provide and loads up the drivers in the store.

Inf is readable, cab file signature is A-OK, loading driver but oh my what's that, one of the 50 driver libraries or SYS files is not signed properly, a cert in the chain is too old or there is no CA certificate because someone at Intel signed the libraries with a cert published by 'Microsoft Media' certificate used in Windows Vista (an OS published in 2007 A.D.) to sign the driver libraries. In the year 2021. Congrats, you now have n machines out there in the home offices without WLAN & without a graphics driver. Best wishes from Intel (one more reason why I prefer AMD).

There are two solutions to avoid this: either you check each and every file of each and every driver you want to use before importing & deploying them. This means that you'll check millions of files. Or you just trust the manufacturer / distributor who provides the drivers, import them and fix if any errors occur. This is what 99% of the sysadmins do and what MS recommends.

If, however, you want to check the driver files before importing them, here is a PowerShell one-liner to recursively check all binaries in the current path for non-valid signatures. It outputs any binaries in the search path which are not signed properly.

Get-ChildItem -Recurse | where {$_.extension -in ".dll", ".exe", ".sys" } | Where { ! $_.PSIsContainer } | Get-AuthenticodeSignature | Where-Object {$_.status -ne "Valid"} | Select-Object status, path

Have fun, stay healthy.
Fritz

#windows #drivers #driver #admin #hardware #cert #signature
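
An added example, not part of the original post or the author's own code: a pre-import audit that extends the one-liner above by grouping every binary without a valid signature under its driver package (the nearest folder with an .inf) and listing signer, issuer, certificate expiry and timestamp state for triage. `$DriverRoot` is a hypothetical parameter naming the folder with the extracted packages.

```powershell
# Added example. $DriverRoot is a hypothetical parameter: the folder that
# holds the extracted driver packages you intend to import.
param([string]$DriverRoot = '.')

$root = (Resolve-Path -Path $DriverRoot).Path
$extensions = '.sys', '.dll', '.exe', '.cat'

$findings = Get-ChildItem -Path $root -Recurse -File |
    Where-Object { $_.Extension -in $extensions } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.Status -eq 'Valid') { return }   # skip good files

        # Walk up to the nearest folder containing an .inf and treat it as
        # the package, without leaving the audited root.
        $dir = $_.Directory
        while ($dir -and $dir.FullName.Length -ge $root.Length -and
               -not (Get-ChildItem -Path $dir.FullName -Filter '*.inf' -File)) {
            $dir = $dir.Parent
        }
        $inRoot = $dir -and $dir.FullName.Length -ge $root.Length
        $cert = $sig.SignerCertificate   # $null when the file is NotSigned

        [pscustomobject]@{
            Package     = if ($inRoot) { $dir.FullName } else { '(no INF found)' }
            File        = $_.FullName
            # NotSigned can mean "covered only by the package .cat";
            # HashMismatch / NotTrusted / UnknownError are hard failures.
            Status      = $sig.Status
            Signer      = if ($cert) { $cert.Subject } else { $null }
            Issuer      = if ($cert) { $cert.Issuer } else { $null }
            CertExpired = if ($cert) { $cert.NotAfter -lt (Get-Date) } else { $null }
            Timestamped = [bool]$sig.TimeStamperCertificate
            Detail      = $sig.StatusMessage
        }
    }

# One row per package: candidates to hold back from import.
$findings | Group-Object -Property Package | ForEach-Object {
    [pscustomobject]@{
        Package  = $_.Name
        BadFiles = $_.Count
        Statuses = ($_.Group.Status | Sort-Object -Unique) -join ', '
    }
} | Format-Table -AutoSize

# Per-file detail: expired signer without timestamp, untrusted issuer, etc.
$findings | Sort-Object Package, File | Format-List
```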

developers@forum.friendi.ca

Announcement: Downtime git.friendi.ca / wiki.friendi.ca / files.friendi.ca / drone.friendi.ca

utzer - 2021-11-06 15:09:18 GMT

There might be a planned downtime tomorrow 14:00 CET. I am still figuring out if it is necessary to swap the NVMe storage drive of the server and am in contact with the hosting company.

Please prepare for about 4-6 hours downtime to allow RAID resync.

It might be much shorter, but I feel more comfortable with that prognosis.

Also, if you know your way around NVMe replacement and RAID resync, I am open to suggestions on how to do this. Maybe it is possible to resync the system while it is running; last time I did not manage to do this and had to use a rescue live #Linux system to recover.

Details on the time scheduled in your timezone:
https://www.timeanddate.com/worldclock/fixedtime.html?p1=37&iso=20211107T14&msg=Downtime%20friendica.utzer.de%20/%20git.friendi.ca%20/%20wiki.friendi.ca%20/%20files.friendi.ca%20/%20drone.friendi.ca&ah=6

#Announcement #Downtime #Friendica #Admin @Friendica Developers

utzer@social.yl.ms

Every now and then I find myself in the position that I need to transfer some files from some server's root account to some other computer (might be mine or another server).

What is the fastest and easiest way to do this?

Assuming I connected from my account "ben" to the remote account "unprivilegeduser", then did "sudo su" or "su root" or whatever, and want to transfer the remote file "/root/dump.tar" to my local user "ben" to the folder "/home/ben"?

#Linux #Rsync #ssh #filetransfer #admin

magdoz@diaspora.psyco.fr

#PeerTube: Error Cannot fetch remote information of this URL

Cannot fetch remote information of this URL
Unable to retrieve the remote information for this URL.

An #error appears on some instances when trying to #download a #video from one #instance to another using the video's #URL.
It works towards some instances and is blocked on others.
Does anyone have an idea what the problem is? So as to tell the instance's #Admin administrator what to fix?

#Numérique #LogicielLibre #Décentralisé

(reposting, since there was no response during the summer holidays…)

anonymiss@despora.de

you only need #PlugAndPlay to get #Admin rights under #Windows

Source: https://twitter.com/j0nh4t/status/1429049506021138437

#razor #driver #fail #security #software #news

gargi@joindiaspora.com

When your #Admin is from #Pegida: "Boss, boss, we have to restrict uncontrolled data immigration, otherwise the system will be harmed by it!" ... "Oh, how so?" ... "Well, /boot is full..."