LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
https://www.openwall.com/lists/oss-security/2020/02/24/5

https://redd.it/f8x7dt
@r_linux

Anyone else feel like they can write a python noscript way faster than the equivalent bash solutions (sed, awk, printf, etc.)?

Often I want to do simple tasks and to challenge myself to not use python I lookup the bash solution using tools like sed, awk, printf, etc. But just getting through the bash syntax and how every tool has its quirks using different flags is very time consuming. I also find that any task that can't be expressed as a simple loop or pipeline takes exponentially more time to write.

For example, today I had a task of trimming the leading and trailing whitespace from every line of a text file. The awk answer `awk '{$1=$1}1'` is short but very non-obvious to me, and the regex sed answer `'s/^[ \t]*//;s/[ \t]*$//'` is a mess. Python string handling such as `str.strip()` by comparison is reasonable and can handle special characters like whitespace and backslash with no problem (vs. `read` and whatever `$IFS` is). And it should be no surprise to newbies that bash syntax is full of gotchas. It feels like I am working in a minefield of potentially code-breaking special characters.

[Some articles online](https://www.makeuseof.com/tag/sed-awk-learn/) say "everyone needs to know sed and awk" but is it really worth learning whole new syntaxes? I suppose I am repeating myself of https://stackoverflow.com/questions/107603/is-there-still-any-reason-to-learn-awk I think it's more worth my time to work a language I am familiar with rather than trying to make use of these tools. What do you think?

https://redd.it/f8yep4
@r_linux

Flatcar Container Linux enters new era after CoreOS End-of-Life announcement
https://kinvolk.io/blog/2020/02/flatcar-container-linux-enters-new-era-after-coreos-end-of-life-announcement/

https://redd.it/f8y4vx
@r_linux

This week in KISS Linux (#12)
https://k1ss.org/blog/20200224a

https://redd.it/f8tx2a
@r_linux

Running Linux on school computer
https://redd.it/f91cx0
@r_linux

Set sudo chmod 0750 on Admin.. how to undo

**Account Setup**

Account #1 Admin with username (called dumbfuck for this post)

dumbfuck is a default account, the first account created and a admin.

​

Account #2

Account #2 is a normal user account. We will call it bob.

Bob had acess to dumbfucks files.

I used THIS GUIDE

[https://www.howtogeek.com/190084/how-to-prevent-other-users-from-accessing-your-home-directory-in-ubuntu-14.04/](https://www.howtogeek.com/190084/how-to-prevent-other-users-from-accessing-your-home-directory-in-ubuntu-14.04/)

​

to remove bobs access to dumbfucks files

sudo chmod 0750 /home/bob

(normal user cannot see home directory of admin)

This is okay 👍

I then (being dumbfuck)

ran the same command on the admin account.

sudo chmod 0750 /home/dumbfuck

I want to reset the user permissions on the Admin so that the Admin can still see files.

Username dumbfuck can no longer view bobs files.

How can I fix the user account dumbfuck to have admin permissions again and re-open the directory of bob?!?

https://redd.it/f92bfy
@r_linux

KYFM(former name YAFM), my own file manager
https://redd.it/f8y3hu
@r_linux

Local information disclosure in OpenSMTPD (CVE-2020-8793)
https://www.openwall.com/lists/oss-security/2020/02/24/4

https://redd.it/f8xc2q
@r_linux

Did any pros here switch to Linux ?

And if yes what is it you do ?

https://redd.it/f91z7q
@r_linux

Knoppix - ordered this from CheapBytes way back when
https://redd.it/f97gyp
@r_linux

LFTP (or other) to copy file / directory with same command

Hello,

I think that I am not using lftp correctly.

Does it possible with lftp to use the same command to copy file or directory ? Actually I am doing a simple mput when it's a file and mirror when it's a directory.

I would like to use a noscript which send automatically files or directory to my personnal NAS. More precisely, when my download on Deluge is over, Execute a noscript to direct copy the fresh downloaded files/directory. But sometimes it's just a standalone file or sometimes it's a directory with sub directories

I don't find the correct syntax, i could write an IF statement but maybe we can find something more easiser and proper

If I have to use an other tool than LFTP, no problem for me ! Indeed, the best way will be a web interface to manage transfert from my Seedbox to multiple destination. Actually, I have to modify my noscript for each download depends if it's a file, directory and destination.

​

Thanks,

https://redd.it/f9854m
@r_linux

Patching nVidia GPU driver for hot-unplug on Linux
https://lab.whitequark.org/notes/2018-10-28/patching-nvidia-gpu-driver-for-hot-unplug-on-linux/

https://redd.it/f98j01
@r_linux

Linux Kernel Stack Smashing
https://blog.infosectcbr.com.au/2020/02/linux-kernel-stack-smashing.html

https://redd.it/f98ip8
@r_linux

The Facts: Mozilla’s DNS over HTTPs (DoH)
https://blog.mozilla.org/netpolicy/2020/02/25/the-facts-mozillas-dns-over-https-doh/

https://redd.it/f99kgx
@r_linux

How a broken memory module hid in plain sight - and how I blamed the Linux Kernel and two innocent hard drives
https://chollinger.com/blog/2020/02/how-a-broken-memory-module-hid-in-plain-sight-and-how-i-blamed-the-linux-kernel-and-two-innocent-hard-drives/

https://redd.it/f9aah5
@r_linux

Kudos to LTT for the Linux videos they have been producing lately!
https://youtu.be/mAFMJ1LnQu8?t=1

https://redd.it/f9azdd
@r_linux

Make free encrypted backups to the cloud on Fedora
https://fedoramagazine.org/make-free-encrypted-backups-to-the-cloud-on-fedora/

https://redd.it/f9b3va
@r_linux

Manjaro 19.0 released Gnome, KDE, XFCE, Architect

https://i.imgur.com/j8lUsfa.jpg

The Xfce edition remains our flagship offering and has received the attention it deserves. Only a few can claim to offer such a polished, integrated and leading-edge Xfce experience. With this release we ship Xfce 4.14 and have mostly focused on polishing the user experience with the desktop and window manager. Also we have switched to a new theme called Matcha. A new feature Display-Profiles allows you to store one or more profiles for your preferred display configuration. We also have implemented auto-application of profiles when new displays are connected.

Our KDE edition provides the powerful, mature and feature-rich Plasma 5.17 desktop environment with a unique look-and-feel, which we completely re-designed for this release. The full set of Breath2-themes includes light and dark versions, animated splash-screen, Konsole profiles, Yakuake skins and many more little details. We have rounded off text editor Kate with some additional color schemes and offer Plasma-Simplemenu as an alternative to the traditional Kickoff-Launcher. With a wide selection of latest KDE-Apps 19.12.2 and other applications Manjaro-KDE aims to be a versatile and elegant environment ready for all your everyday needs.

In Gnome edition which is based on version 3.34 series, we also have included a visual refresh for several applications and the desktop itself. The background selection settings also received a redesign, making it easier to select custom backgrounds. By default we added our own dynamic wallpaper that changes throughout the day. GNOME 3.34 also introduces custom folders in the application overview: Simply drag an application icon on top of another to create a folder. Folders are automatically removed again when all icons have been dragged out. With a simpler desktop layout we gain more stability. Our new Gnome-Layout-Switcher enables you to change your desktop layout easily with preset layouts mimicking popular operating systems. Available layouts are: Manjaro, Vanilla Gnome, Mate/Gnome2, Traditional Desktop/Windows, Modern Desktop/MacOs, Unity/Ubuntu Theme. We also automatically change between dark and light theme when Nightlight is triggered. A new theme for the login screen and the addition of Feral's Gamemode round up our Gnome edition.

Kernel 5.4 LTS is used for this release, such as the latest drivers available to date. Relative to the last installation media release, our tools have been improved and polished.

Pamac 9.3 series received a few updates. With a more robust and reliable transaction backend our update process should be much smoother now. Also we improved package sorting by relevance in our GTK-UI. Enhancing our package management we have enabled snap and flatpak support by default. You can now install snaps or flatpaks very easily, with our new tool Bauh and make use of a larger selection of the latest Linux applications.

https://forum.manjaro.org/t/manjaro-19-0-released-gnome-kde-xfce-architect/126010

https://redd.it/f9cou5
@r_linux

Are you a professional that uses Linux for work? If so what is it that you do ?



https://redd.it/f9brso
@r_linux

pam_unix internals: unix_chkpwd

Have you ever bothered reading [Linux-PAM](http://www.linux-pam.org/) documentation?

Some years ago, I did.

Let's start with a super-quick intro:

PAM stands for Pluggable Authentication Modules. Linux-PAM provides authentication support in GNU/Linux.

One of the most interesting parts of Linux-PAM is the [pam\_unix module](http://www.linux-pam.org/Linux-PAM-html/sag-pam_unix.html).

More specifically, my favorite part of *pam\_unix* is the [unix\_chkpwd](https://github.com/linux-pam/linux-pam/blob/master/modules/pam_unix/unix_chkpwd.c) helper binary.

*unix\_chkpwd* does a very basic -nonetheless important- job: it verifies the password of the **current** user.

This makes it possible for applications like [xlock](https://linux.die.net/man/1/xlock) to work without being setuid-root (of course, a program running as unprivileged user cannot read */etc/shadow* !).

After reading about *unix\_chkpwd*, I was eager to give it a try...

...and so, I wrote a tiny bash noscript that leverages *unix\_chkpwd* to perform brute force attacks on current user password:

[https://github.com/marcobellaccini/chkpwd\_buddy](https://github.com/marcobellaccini/chkpwd_buddy)

Of course it is somewhat weird, but the cool part is that it does not require read access to */etc/shadow*!

I hope you enjoyed this post!

https://redd.it/f9e02s
@r_linux

KDE Plasma 5.18.2 LTS Released!
https://kde.org/announcements/plasma-5.18.1-5.18.2-changelog.php

https://redd.it/f9fyqq
@r_linux