- This topic has 49 replies, 11 voices, and was last updated Jun 22-7:08 pm by Xecure.
-
Posts
-
Anonymous
( wanted to post this topic to “Software” subforum, but its title mentions another distro )
The (my) focus in this topic is not LinuxMint, nor CinnamonSprinkles Desktop.
My focus is toward the affected component ~~ the login manager, aka display manager.Dec, 2020
description of issue: https://github.com/linuxmint/cinnamon-screensaver/issues/354
discussion (320+ comments): https://news.ycombinator.com/item?id=25843874
discussion: (30+ comments): https://old.reddit.com/r/linux/comments/l1nfwg/kids_find_a_security_flaw_in_linux_mint_by/
startpage.com websearch “Kids find a security flaw in Linux Mint by mashing keys”I won’t rehash here the similar (multiple) LightDM vulnerabilities which have “made the headlines”
~~ if interested, you can antixforum search LightDM and skim skidoo posts in the search results ~~___________________________________________________
“Do one thing, and do it well” .
.
” Make each program do one thing well.” https://en.wikipedia.org/wiki/Unix_philosophy#Do_One_Thing_and_Do_It_Well
___________________________________________________Many of the forum participants here would probably agree “systemd (and Orange Man) bad”
systemd -ish embrace–extend–extinguish is problematic, but its creep is not an isolated symptom. Our “mix-n-match components, as we see fit”
philosophyfreedom increasingly faces threats on multiple fronts, leading toward “corporitization” of desktop linux. If TacoBell manages to win the restaurant wars… desktop linux computing may also wind up existing only as a monoculture. We can expect it will be a bland, lowest-common-denominator, monoculture (as well as an “as the Behemith dictates” monoculture).Specific to the topic of one’s login manager component, from skidoo’s unapologetically opinionated viewpoint the “modern” login managers have become perversely corporatized. (an imprecise word; I’m leaning on the definition I found here: https://www.dictionary.com/browse/corporatize
Across distros, desktop linux users are being herded into using components which — outside the context of a corporate computing scenario — are (IMO) outright offensive. Popup a box inviting the user to hurr durr “fill in the blanks” with personal details, including fullname, phone#… even a happy button to accept assignment of an “avatar” self-photo. Oh, soooo cute! Lookit, when I go to login, I can see a mini thumbnail… so (hurr durr?) I know it’s really me, and this is really my computer. Well, skidoo is left shaking
itstheir(how is this gender-neutral stuff ever expected to work, longterm?) shaking me head and wondering WTF?
GECOS (websearch, it’s a thing)
“accountservice”
geoclue, and surreptitious geolocation pings
.
This post has not been a “rant”.
It is intended to serve as a gentle (or not-so-gentle) introduction,
prior to presenting the new “slimski” login manager application.
.((((((((((( This post
iswas a WIP placeholder draft. Spamfilter ate post#1 )))))))))))))the out of context screenshots here
arewere fairly meaningless, eh- This reply was modified 2 years, 3 months ago by caprea.
caprea
Offtopic,
Skidoo, it was not the spam filter. Your post was in a pending status and fortunately it could be freed by me. I don’t know how posts get into pending status but I think it happens when editing. You may have an idea why.
There are other posts that are also in pending status but cannot be released by me as a moderator.
I think if we know why it happens, we might can change, prevent this annoying situation.ModdIt
Thanks skidoo,
you seem to have misunderstood the “login manager features” intending to let agencys in
easily and make most users feel happy and sleep well.A secure (HAHAHA) win 7 or 10 password is also a joke to get past using a method a 3 year old can follow.
Anyways
May I humbly add Sytemd ID to the tracking features of many distros. It is generated by the work of a
mischevious ugly gnome called something near too but not quite Harry the Potter.
Happens on first boot and used to uniquely identify a computer installation. Not sure but I suspect geoclue
to be one user application to make intensive use of the UID..A whisper in an ear brought a new cron job on a number of systems, they removed the unique ID just after boot,
a newly born installation pinged itself to the world, then another every boot. That is what marketeers bless
their idiotic souls love, growth.Browsers of the popular kind like to enumerate WLans as well as other data and send the collection to mommy
google who can if they so wish put data collected for street view together and locate users exactly that way
too.
We can mitigate but really “Privacy is a dead duck”, as long as we use modern world equipment..- This reply was modified 2 years, 3 months ago by ModdIt.
- This reply was modified 2 years, 3 months ago by ModdIt.
wow.
The post#1 seen here, it was typed as post #2 of a new topic I had started yesterday.Upon submitting post #1, a message did state “pending moderation” or “pending approval”
but the page ALSO displayed a reply button.
The screenshots post was intended to serve as a placeholder, so that after the topic was approved I could explain my intended purpose for the topic. Otherwise, any replies would have probably steered the topic in a different direction.You may have an idea why.
damfraggin, bug-ridden, forum software
christophe
GECOS (websearch, it’s a thing)
Interesting. Corporates LOVE to make acronyms.
Also, incidentally (and off-topic), browsers have gotten political. That may not seem shocking to some, but hear me out…
Searching for “GECOS” in both fireFOX and badWOLF showed me results for “geckos” — at least they were up front about it. They said (in effect), “Look, we need to pad the results here. We need more quantity & less quality. Search only for “GECOS”? (not recommended).” Even after narrowing the search, the “animal” browsers kept sneaking in images of geckos. And the worse part — all the geckos were naked. I don’t want the naked-gecko-animal culture forced on me… 😉
confirmed antiX frugaler, since 2019
May I humbly add Sytemd ID to the tracking features of many distros. It is generated by the work of a
mischevious ugly gnome called something near too but not quite Harry the Potter.
Happens on first boot and used to uniquely identify a computer installation.It is generated by
uuid-genFWIW, we cannot (dare not) uninstall it
and, similarly, during a running session we cannot (dare not) delete the “machine-id” file it generates.Its legitimate purpose, as originally conceived:
Avoid “falldown goboom” if any VMs on a machine are running, using a kernel identical to the host system.Nowadays…
(I had tested to confirm this, but haven’t recently repeated the test)
Google Chrome, and/or Chromium web browser sniffs the UUID from the machine-id file, and will refuse to launch if it is unavailable.^-> but go ahead, use Chromium and just “clear your cookies” if that makes ya feel warm n fuzzy n “nonnymus”
^—–> go ahead, use a vpn, route your traffic via tor…
(pointless, b/c the uuid can be, and betcha it is, injected into your browser’s http-request headers and/or inserted into a field within XHttpRequest bodies, etc.)
_______________________
_______________________
_______________________What we _can_ do, regarding uuid-gen:
1) add a startup file which deletes the uuid file at each boot (causing a new, randomly-generated, uuid to be generated)
and/or
2) on a liveboot persistent system, add
/var/lib/dbus/machine-id
to the list of excluded files within /usr/local/share/excludes/persist-save-exclude.list
(as well as the sibling *exclude.list files used for snapshot and remaster operations)@skidoo, yes your original post was visible, gone now, I really appreciate the work you are doing regarding long
standing problem with login, provoke fall back to root rights. It should not be so easy to get in to somebody elses
system. I do know plenty of other ways to access, just like to increase time needed.@skiddoo wrote: What we _can_ do, regarding uuid-gen:
1) add a startup file which deletes the uuid file at each boot (causing a new, randomly-generated, uuid to be generated)
2) I will definitely follow your suggestion for snapshot remaster exclude list.Remove uuid file during shutdown might also be an option, not sure which might be better/easier to impliment.
Definitely would be nice to have a new ID either every Boot or as “option timed” as standard feature in antiX.
that is low hanging fruit with regard to tracking..ungoogled chromium does launch without UUID. Just checked again to be sure. But may have also a UID hidden someplace.
But removing the ID breaks a lot of applications so had to reboot :-(.Regarding Browsers, I also suspect Mozilla is also using the UID. Using Geolocation for sure. Also has browser install UID.
Regarding TOR, i use it but have no expectation to be anonymous, it was after all a military communications development
knowing who is communicating a message an essential design feature.- This reply was modified 2 years, 3 months ago by ModdIt.
- This reply was modified 2 years, 3 months ago by ModdIt. Reason: extend post
anticapitalista
Restored the original post
Philosophers have interpreted the world in many ways; the point is to change it.
antiX with runit - leaner and meaner.
The OP in this topic breaks the ice, explaining why “screenlocker” has been omitted from slimski login manager, a replacement for SLiM. Although screenlock, if desired, can be provided by xscreensaver or by a handful of other utility programs… I anticipate that some folks will criticize the decision to remove this feature.
Another anticipated point of criticism:
By design, as an “unapologetically opinionated” design feature, slimski is hardcoded to prohibit login to graphical desktop using the “root” user account. To anyone who might argue that this represents an “anti-feature”: you would be arguing with a Brick Wall.Elsewhere, in another recent antixforums topic, I called out a vunlerability present in SLiM ~~ users can type the special username “exit”, escaping to a root shell prompt without a requirement to supply the root password. I have not reported this as a bug to debian, nor to the bbidulock SLiM project at github (the ongoing branch with the greatest number of forks). SLiM was conceived way before debian policy adopted the “only root can launch the X server” and, probably, this policy is not consistent across non-debian distributions nor *BSD OSes. Kick the can ~~ is it debian’s responsibility to patch the vulnerability specific to their implementation?
-=-
The slimski program addresses the issue of “can escape, unchallenged, to command prompt” by providing a configuration option. Each distroteer or sysadmin can specify whether or not exit_enabled=true._____________________________________
Here are some “heads up” details for anyone enagaged in creating (SLiM and) slimski login page themes:
slimski detects $LANG env variable at runtime.
similar to what you get by typing at commandline “echo $LANG” and discarding the .UTF-8 suffix
If, for example, the theme specified in /etc/slimski.conf is twilite
and $wantedlang=en_GB
slimski firsts attempts to load /usr/share/slimski/themes/twilite/slimski__en_GB.theme
if such exists, otherwise falls back to loading /usr/share/slimski/themes/twilite/slimski.themeIn its current form, and probably in the foreseeable future, slimski can only pattern match against nn_NN
(which handles approx 420 of the 480-ish total localecodes mentioned in /etc/locale.gen)Many of the slimski
variableoption names are changed, compared to SLiM… but (importantly) x,y positioning and/or percentage values are handled identically.slimski currently provides support for an additional 5 messagestrings.
(cust1_msg, cust2_msg, cust3_msg, cust4_msg, cust5_msg)
For each of these, the max character length is 250.Those design specs 250 (and 5) were arbitrarily-chosen. Additional NNs could easily be added (i.e., each additional would necessitate only a dozen or so lines of code).
Any/all of the custNN messages can be left blank for any given theme or localized variant thereof.
A themer can separately specify for each:
custNN_font (syntax identical to SLiM)
custNN_color (syntax identical to SLiM)
custNN_x
custNN_y (syntax/values identical to SLiM)
Above, I typed “can”. The reason I didn’t type “must” is that slimski applies default fallback font+color values if these are not specified and the associated messagestring is non-blank.Throughout slimski, all the options which accept text string values are now UTF-8 translatable.
Said differently: a configurable option for every displayed messagestring exists.Some important thing(s) for a themer to know/understand:
1) slimski currently does NOT provide wordwrapping of long strings
2) slimski (and you) cannot know, ahead of time, whether 92 or 123 characters, at fontsize 16, will “run off the edge of” a given user’s runtime display. So, plan accordingly, and please do test your themes using various “resolutions”.
3) The custNN messages are not constrained to fitting within the bounds of the panel image rectangle. They are placed on (emblazoned on) the “background”, not the panel. Accordingly, their x,y offset values are specified relative to 0,0 (top-left corner of screen)
4)To preview a theme:
slimski -p themename
to preview a theme AND output to terminal a list of all runtime option var:value pairs
example:
slimski -s -p ax
^—} https://pastebin.com/raw/CupKb2Tmslimski first populates all options with default/fallback values
then loads slimski.conf, then loads the theme file.
Where, exactly, you specify a given option:value does not matter.
In other words, any theme-related options specified in the conf would be honored. Just bear in mind the load order & understand that a later (line lower in the conf, or in a theme file) same-named option will override an earlier redundant declaration.
Xecure
By design, as an “unapologetically opinionated” design feature, slimski is hardcoded to prohibit login to graphical desktop using the “root” user account. To anyone who might argue that this represents an “anti-feature”: you would be arguing with a Brick Wall.
Hahaha. Ok, Mr. Brick Wall. This will stop kali linux (and the like) users who normally operate in root. You know that doing this will probably also bar your slim fork from officially getting into antiX? There are times that a user account gets blocked (because some session mis-configuration, for example), and most users who don’t know the cli will try to log in as root to edit the files (or create a new user account using the antiX user Manager).
Let us know when we can try slimski out. If it is already available, share the gitlab link. I cannot guaranty to be able to test immediately, but It sure seems an interesting project I would like to test.
antiX Live system enthusiast.
General Live Boot Parameters for antiX.You know that doing this will probably also bar your slim fork from officially getting into antiX?
Understood.
It’s open source.
With attention toward precluding user confusion regarding features found in (expected by) users of mainstream SLiM, I renamed the program. If, to gain favor with antiX, the “root user account login to graphical shell is prohibited” is removed (it’s easily found within the source code)… I hope you would please rename the modified program prior to redistribution. If this is your bent, Xecure, the task of renaming can be easily accomplished via bulk search/replace. slimski (lowercase, throughout the source code n docs).Alternatively, you might ask (brian bidulock?)(if that is the SLiM “upstream” source antiX has been following) to cherrypick & incorporate features from the slimski codebase. (The overall slimski codebase has diverged too far, would be impossible to “merge” into SLiM.)
Brian Masinick
My own personal view is that no matter how “obscure” any particular “feature” or “capability” become, as long as at least one source code copy somewhere exists, that “feature”, “object”, program, or whatever it is, can be put into an alternative system, whether a distribution, a new creation, or preservation of something that has existed. Therefore, if Slim source code exists, it can be obtained. If Slimski code exists, it can be used.
That is not a guarantee that it will ever be included or continue to exist in antiX or distribution X, but it CAN exist in anyone’s personal creation.
I have snapshots today that are my own derivatives of existing efforts. As long as they boot, they work. They do not, however, have the source code behind them for every application; if I add that, I could independently extend or maintain them indefinitely.Linux From Scratch provides the “framework” for creating a totally independent distribution, but even it depend on the existence of source code to build software. As long as the source code exists, hardware with compilation tools exist, and the time to do the work exists, so does the opportunity.
Actually doing the work is a significant effort, no doubt about it.
--
Brian MasinickXecure
You know that doing this will probably also bar your slim fork from officially getting into antiX?
Understood.
It’s open source.
With attention toward precluding user confusion regarding features found in (expected by) users of mainstream SLiM, I renamed the program.It was just a joke. I have no power and no idea what the dev team’s preferences are. If someone wants to login as root they don’t need slim. They can kill slim and stop the service as root and then directly startx as root. I also agree that disabling normal root login will avoid unnecessary problems, as antiX (how I see it) is intended to be used with a normal user account.
Sorry if it looked I was implying something else. You know I am just another user here, who knows much less than everybody else.antiX Live system enthusiast.
General Live Boot Parameters for antiX.If it is already available, share the gitlab link.
I’ll upload sourcecode + 64bit debfile for antiX 19.3 later today.
The deb will bear a versioned ~b1 suffix, but I’m not aware of any existing bugs. It is “beta” in the sense that its documentation is not yet complete, and (scope creep) the local testers are still suggesting further features.When tested on a virtualbox instance of pristine* antiX 19.3 Full, you should expect it
to be a bug-free drop-in replacement for SLiMnot bug-free, but able to functionaly demonstrate its support of localized theme variants. At installation, when debconf asks which [SLiM, or slimski] should be “active”? …select slimski. Immediately after installation (and a peek at the slimski manpage, to see available options) you can run preview mode to inspect the (“default”, and “ax”) prepackaged themes. Full use becomes available once you shutdown/restart (or at least telinit to change away from, then back to, runlevel 5). Upon later removal (purge) of the slimski package, at next boot the system will automatically revert to using SLiM.*pristine, because the as-shipped ~b1 slimski.conf specifies/recognizes only the following sessiontypes:
rox-icewm,space-icewm,icewm,min-icewm,rox-fluxbox,space-fluxbox,fluxbox,min-fluxbox,rox-jwm,space-jwm,jwm,min-jwm_________________
_________________edit: https://gitlab.com/skidoo/slimski
Upon using the “halt” special username, I wound up with
persist-config: error
“This script can only run the commands shutdown and reboot”
-=-
From wading the persist-config code recently, I recognize the error.
During livesession, using “halt” in any context would almost certainly yield this error ~~ not specific to SLiM nor slimski?
idunno, needs further testing.
I rechecked the configured halt command in slimski.conf, and the commandstring seems identical to the line in slim.confedit 2:
So, yeah “tested using a pristine 19.3Full ISO”…
persist-save had not yet been patched to remove its reported (by me) vulnerability.
^—> is a suid script, and it accepts an optional arg –command <commandstring here>
and was recently patched to only accept a fixed set {shutdown,reboot} of commandstrings.
So, upon dist-upgrading of the 19.3Full… during livesession we should now expect halt to
yield the same result regardless whether the command is issued via SLiM//slimski//cli
- You must be logged in to reply to this topic.
