xisop | gitea is back up | 00:09 |
---|---|---|
Xenguy | good to know | 00:11 |
Afdal | All right, I've got an annoyance I've been working around for a while but I'd finally like it resolved | 01:00 |
Afdal | For some reason my Devuan/desktop environment/file manager keeps interpreting binaries as Shared Libraries | 01:00 |
Afdal | So I have to go into a terminal and do ./runmybinarydummy in order to run them | 01:01 |
Afdal | it's really aggravating | 01:01 |
Afdal | When they're interpreted as Shared Libraries it doesn't allow a simple double click | 01:01 |
Afdal | this often happens to compiled binaries for me | 01:01 |
Afdal | running Devuan Chimaera with Xfce here | 01:02 |
Afdal | Can anyone explain why this is happening? | 01:02 |
Hurgotron | Afdal: Never had that. Where do you click? Desktop starter? | 01:02 |
Afdal | What do you mean? | 01:03 |
Afdal | I'm just trying to double click binaries files to run the heckin binaries and it thinks they're not binary file types but Shared Library file types instead | 01:03 |
Afdal | Running "file" on an example here, it says it's a "ELF 64-bit LSB pie executable" | 01:04 |
Hurgotron | For the few things I want to start by clicking in GUI, I create a desktop starter - right mouse button on desktop, create starter (or somesuch, local language is German here) | 01:04 |
Afdal | Oh you mean, create a launcher? | 01:05 |
Hurgotron | I'm still not sure where you "double click binaries files" - on the desktop? In some file manager? | 01:05 |
Afdal | either, doesn't matter | 01:05 |
Hurgotron | launcher probably. Never had issues with that | 01:06 |
Afdal | I mean, I guess I can just make a Launcher file | 01:07 |
Afdal | that does work... | 01:07 |
Afdal | but why are some binaries interpreted as the shared libraries like this? | 01:07 |
Hurgotron | Good question. Trying to reproduce. Do they have some extension? | 01:08 |
Afdal | No | 01:09 |
Hurgotron | Afdal: Ah, got it. I guess the DE misinterprets the output of "file"... interesting | 01:13 |
Hurgotron | Afdal: https://www.linux.org/threads/problem-with-executables-as-shared-library-files.25886/ | 01:17 |
Hurgotron | Doesn't sound entirely convincing to me, but fits your experiences | 01:18 |
Afdal | hmm | 01:19 |
Afdal | this reply says: | 01:19 |
Afdal | Compile the program without the "pie"(position independent) flag and you will be good. Position independent programs require a dynamic loader to be run so they have the "dynamic" flag set, which is traditionally used by programs to detect libraries (pie uses a mechanism similar to libraries). | 01:19 |
Afdal | So... does that mean a lot of devs are setting the wrong flag by default? | 01:19 |
Afdal | Because this is a rather common problem for me | 01:19 |
Hurgotron | pie seems to be a common setting | 01:20 |
Hurgotron | It's probably more like the DE starting mechanism makes some wrong assumptions | 01:20 |
Hurgotron | I guess most people (including me) want icons and stuff for the things they launch from GUI | 01:21 |
Hurgotron | So I never had that problem | 01:21 |
Hurgotron | Would be an XFCE issue | 01:22 |
Hurgotron | Or maybe you can try to associate bash with that type of file, so the DE opens "bash executable" which should work | 01:22 |
Xenguy | I only know that doing ./executablefile is very much a traditional thing... | 03:13 |
Xenguy | Not sure if there's a security rationale or not | 03:13 |
ravehaver9000 | just installed s6 as a process supervisor in my system | 04:09 |
ravehaver9000 | might test it out as an init system on a virtual machine | 04:10 |
gnarface | ravehaver9000: before you left the other day i forgot to clarify that the proper place to edit the grub cmdline is in /etc/default/grub (then re-run update-grub) | 04:21 |
gnarface | ... just in case you weren't aware, didn't want you struggling with manual edits to /boot/grub/ | 04:21 |
gnarface | debian changed how that works some time ago | 04:22 |
ravehaver9000 | oh, thanks a lot gnarface | 05:21 |
ravehaver9000 | i just edited /etc/default/grub and updated grub, only took a minute! | 05:22 |
rwp | c | 07:29 |
sedrosken | so -- I've accepted I'm going to need to recompile telnetd to include PAM support for my use case (restricting login to only one user) | 10:16 |
sedrosken | but I'm not sure how I'd enable that | 10:17 |
sedrosken | before anyone even starts in with the "telnet bad use ssh" rigmarole it's a legacy situation and it *has* to be telnet | 10:17 |
sedrosken | I'd very much prefer to be using ssh but for this case I just can't | 10:18 |
gnarface | sedrosken: i'm surprised it doesn't include pam support by default in the debian build, are you sure that it does not? | 11:57 |
sedrosken | ldd /usr/sbin/in.telnetd returns no references to any PAM libraries | 11:58 |
gnarface | well shouldn't be hard to rebuild anyway | 11:58 |
sedrosken | and setting stuff in /etc/pam.d/* files doesn't seem to affect it | 11:58 |
gnarface | apt-get source telnetd | 11:58 |
gnarface | dpkg-buildpackage -us -uc | 11:59 |
gnarface | or something of the like | 11:59 |
gnarface | config flags are in the debian/control file i think | 11:59 |
sedrosken | and man telnetd mentions under -a authmode "Note that this option is only useful if telnetd has been compiled with support for authentication, which is not available in the current version" | 12:00 |
gnarface | oh you should "apt-get build-dep telnetd" and "apt-get build-essential" first if you haven't, but it will probably work | 12:00 |
sedrosken | where will it put that? | 12:01 |
sedrosken | the debian/control file | 12:01 |
sedrosken | I'm not sure where source files go when they're installed by debian/devuan | 12:01 |
gnarface | $SRCROOT/debian/control | 12:01 |
gnarface | oh, "apt-get source [package]" downloads to the current directory | 12:01 |
sedrosken | oh! | 12:01 |
sedrosken | thanks | 12:01 |
gnarface | any debianized source should have a ./debian/ directory at the top level, with a main control file and probably a bunch of serially numbered patches | 12:02 |
sedrosken | right | 12:02 |
sedrosken | it mentioned it was applying about a dozen patches | 12:02 |
gnarface | if you're just adding a flag for the build configuration it's probably just something you can add to the existing line in the control file | 12:03 |
sedrosken | would I put it in the Depends: line? | 12:03 |
sedrosken | I'm guessing I'd be adding some permutation of libpam to that | 12:04 |
gnarface | uh, i forget | 12:04 |
gnarface | yes, i think you would want to edit the depends | 12:05 |
gnarface | probably add a custom version string or at least edit the build serial number too | 12:05 |
gnarface | and "-us -uc" above would be assuming you're building an unsigned package, but i dunno how official your setup is, maybe you want to sign the package too | 12:06 |
gnarface | i think we have a devuan reference for this somewhere, but i keep referring back to debian's new maintainer guide, starting with chapter 6 because they put everything out of order on purpose: https://www.debian.org/doc/manuals/maint-guide/build.en.html | 12:07 |
gnarface | they overcomplicate it too, usually the process of making a minor change doesn't require knowing all this | 12:07 |
gnarface | you shouldn't have to mess with quilt or anything | 12:08 |
gnarface | if there's a devuan reference guide somewhere i forget the link | 12:09 |
gnarface | it should mostly not be different though | 12:09 |
sedrosken | ldding the finished in.telnetd shows no change | 12:10 |
sedrosken | hm | 12:10 |
sedrosken | am I just too smoothbrained for this | 12:10 |
gnarface | maybe it's not a flat topology? maybe something else depends on pam? i dunno sorry | 12:11 |
sedrosken | I just wanted to stop anyone but a specific user from logging in via telnet :/ | 12:12 |
gnarface | well i have a feeling there's another way to do what you want that doesn't require rebuilding anything but i'm not sure what it is | 12:12 |
gnarface | maybe look into openldap? | 12:12 |
gnarface | actually deploying it might not be easier than figuring out how to rebuild telnetd right though, dunno | 12:12 |
sedrosken | granted this use-case has only me as the user, and it's on a closed LAN | 12:13 |
sedrosken | if someone manages to get into my LAN I've got bigger problems than someone being able to log in as root over telnet | 12:13 |
sedrosken | I'm just trying not to deliberately be any more insecure than I have to be | 12:14 |
gnarface | what configure flag did you add to the control file? | 12:14 |
sedrosken | added libpam-modules to the Depends: line | 12:14 |
sedrosken | the control file didn't seem to have much to do with how the package actually builds, it seems to be more of a package description file | 12:15 |
gnarface | oh? that's it? well there's a problem | 12:15 |
gnarface | somewhere in there should be a literal string of command-line options for the ./configure flag, i'm sure you'd have to edit that too | 12:15 |
sedrosken | interesting | 12:15 |
sedrosken | I'll nuke the directory and grab fresh | 12:15 |
gnarface | the Depends field is literally just to tell the package to also install those other packages, it won't change the build itself | 12:16 |
gnarface | all the packages do things a little bit different so maybe they've batched the configure command-line up from some script that assembles it or something, you might have to poke around a bit... hopefully it's not anything too complicated | 12:17 |
gnarface | the control file should be the main entry point though | 12:17 |
gnarface | so simpler packages put pretty much everything in there | 12:17 |
gnarface | possibly downloading a couple other simpler source packages to look at them as a comparison might make things clearer | 12:18 |
sedrosken | https://pastebin.com/UGiB5fRG | 12:18 |
gnarface | uh, i don't trust pastebin, just /msg it to me or use paste.debian.net | 12:18 |
sedrosken | oooooooooooooooookay then | 12:19 |
gnarface | assuming the package is using automake it's still gotta call configure somewhere | 12:19 |
sedrosken | http://paste.debian.net/1265606/ | 12:20 |
sedrosken | sorry for the double-paste there, but that's the entire contents of control | 12:20 |
gnarface | hmm | 12:27 |
gnarface | what about debian/rules? | 12:28 |
gnarface | anything in there ? | 12:28 |
sedrosken | messaged it to you | 12:28 |
gnarface | oh, it's using cmake | 12:28 |
gnarface | so that's probably why it's different | 12:29 |
sedrosken | oh dear | 12:29 |
gnarface | well, figure out where cmake keeps the build options | 12:29 |
sedrosken | CMakeLists.txt in the parent directory, looks like | 12:30 |
sedrosken | C FLAGS look like -D_GNU_SOURCE, -Ddebian, -DACCEPT_USERVAR, -Wall, and -Wno-trigraphs | 12:30 |
sedrosken | welp now I just need to figure out what parameter will enable PAM | 12:33 |
sedrosken | and that seems to be out of scope for this | 12:33 |
gnarface | i'm assuming "./configure --help" won't help? | 12:34 |
gnarface | there's no configure script, is there? | 12:34 |
sedrosken | there is | 12:35 |
gnarface | there IS? | 12:35 |
gnarface | hmmm | 12:35 |
gnarface | maybe the options for it are separate | 12:35 |
gnarface | separate from the c flags | 12:35 |
sedrosken | yeah it just seems to be setting basic install options for use with make | 12:35 |
gnarface | try to grep for them or something | 12:36 |
sedrosken | no need, the output is quite small | 12:36 |
gnarface | that's it?? | 12:37 |
gnarface | well that's not helpful | 12:37 |
gnarface | are we sure this source even has pam support available? | 12:37 |
sedrosken | That's a good question and it may well not. | 12:38 |
gnarface | wait, which source package did you request, specifically? inetutils-telnetd? | 12:38 |
sedrosken | just what apt refers to as telnetd | 12:38 |
gnarface | hmmm | 12:38 |
sedrosken | there's telnetd and telnetd-ssl | 12:38 |
gnarface | i guess i'm seeing a transition to a different package name happening in ceres | 12:39 |
sedrosken | strange for something borderline deprecated | 12:39 |
gnarface | i assume these are the things you had already tried? https://serverfault.com/questions/36322/how-can-i-use-pam-to-restrict-telnet-login-by-user | 12:40 |
sedrosken | eeyup | 12:40 |
gnarface | i wonder if there's a way to make openssh support telnet | 12:40 |
gnarface | i know it can be run without encryption, but i'm not sure if there's actually a way to add telnet client support | 12:40 |
sedrosken | it'd be so much simpler if the client just supported ssh properly in the first place | 12:41 |
gnarface | grep the source for any mentions of pam | 12:42 |
sedrosken | well that doesn't seem to return anything | 12:43 |
sedrosken | guess that settles that | 12:43 |
sedrosken | oh well. like I was saying, if someone manages to get into my LAN I have bigger problems than people being able to login as root | 12:43 |
gnarface | grep -i? | 12:43 |
sedrosken | nothing | 12:43 |
gnarface | not very promising | 12:43 |
sedrosken | wonder what telnetd implementation these folks are using that it DOES support PAM | 12:44 |
gnarface | a good question | 12:44 |
sedrosken | the funny thing is, the client can *technically* do SSH, but it's too slow to negotiate a connection | 12:45 |
sedrosken | it exchanges keys, but times out before it properly connects | 12:45 |
gnarface | hmm, i wonder if there's a way to address that then with lower encryption level, shorter keys or something | 12:45 |
sedrosken | maybe | 12:45 |
gnarface | change of cypher suites | 12:45 |
sedrosken | hm | 12:46 |
gnarface | there should be a way to make a new openssh server behave more like an old version from around the time of the creation of the client in question using such settings | 12:46 |
gnarface | or, you could try just turning off encryption for openssh, maybe that will obviate the problem | 12:47 |
sedrosken | yeah, it's exchanging an RSA-2048 key and probably using a really complex cipher on a FPU roughly the speed of a 33MHz 80387 | 12:47 |
gnarface | like i said, you can run openssh without encryption, i'm just not sure if there's any actual telnet support built in | 12:47 |
gnarface | but if the client can also do ssh and is just too slow, there should be a way to address that from the openssh server side | 12:48 |
sedrosken | for SSH negotiation, do they typically do lowest common denominator or highest | 12:48 |
sedrosken | ie if I enable both aes-128 and aes-256 will it use 128 or 256 by default if both client and server support both | 12:48 |
gnarface | i'm not actually sure, you would think it does highest-common-denominator but for some reason my head is telling me there's just a file with a list of them and it simply tries them in order | 12:49 |
gnarface | maybe that's only for ssl though | 12:50 |
sedrosken | yeah, in sshd_config there's a Ciphers line | 12:50 |
gnarface | but there might be a way to just make it try the 128 one first by moving it to the front of the line | 12:50 |
sedrosken | I'm guessing it'll try them in order | 12:50 |
sedrosken | well, I've simplified the key exchange to the point now where I think it's done pretty much instantly... but even AES-128 looks like it's too much for this poor thing | 13:14 |
gnarface | look into running it without encryption entirely | 13:17 |
gnarface | it shouldn't be any less secure that way than telnet would have been | 13:18 |
sedrosken | that's a fair point | 13:18 |
u-amarsh04 | sedrosken telnetd-ssl package might be what you need | 14:54 |
sedrosken | checked that too and it doesn't seem to be linked to PAM either, it just encrypts the telnet session with SSL | 14:54 |
sedrosken | from what I understand | 14:54 |
u-amarsh04 | ah | 14:54 |
sedrosken | I appreciate the thought though | 14:55 |
u-amarsh04 | I just use telnetd-ssl and ckermit between the two pc's I have at home | 14:55 |
tomtmym | Hello | 17:34 |
tomtmym | Is "nvidia-driver" the one required if have nvidia? | 17:34 |
ravehaver9000 | yeah it is | 17:51 |
ravehaver9000 | nouveau sucks so you have to install the proprietary drivers asap | 17:52 |
ravehaver9000 | else nouveau might break on you and leave you with a completely useless black screen that also breaks your system (although thats more of an experience ive had with my testing install) | 17:52 |
tomtmym | ravehaver9000: ok, thanks | 18:23 |
golinux | I discovered that the DNG mail cert was expired last night when I went to check some admin stuff. Have notified the folks at dyne but with the holidays who knows when it might get fixed. In the meantime no mail will be coming through on DNG. Patience. | 18:27 |
ravehaver9000 | thanks a lot golinux | 18:42 |
ravehaver9000 | i personally dont use the mailing list much but im glad you've told us about it | 18:42 |