NOW I AM REALLY PISSED OFF! At first I wanted to title this "DOS attack performed by SuSE" or "Sabotage performed by SuSE", but I managed to cool down a bit, so I hopefully don't hit the wrong guy(s), but someone's got to be blamed and flamed, since this is a neverending story. I don't know if it's the team working on WINE or SuSE team compiling the packages for the distro, I assume it's both of them at the end. What they allow themselves is a pure sabotage and because it repeats in several distributions (I can remember at least the last 4-5) I can't believe that is an act of ignorance or a minor failure: I have never in my life had anything to do with ISDN and I don't have any hardware for this shit and I am even less interested in getting it, but SuSE is FORCING me to install ISDN packages, nevertheless. I ALWAYS deselect this crap and set it to "tabu", but the first time the system is allowed to automatically install a packet I happen to need (e.g. bttv in my case), it IGNORES any settings from installation time and installs all things I do not need: capi4linux, a bunch of isdn packages, formerly even "gnokii". Have you ever noticed that even if you deselect capi4linux, there are still packages required by it? Story background: I use wine sometimes and want it in my computer. Now, some brainless idiot(s) have set the package requirements so that you can't dodge, you'll get shot down anyway. Do they have something against smoothly running systems? Mine was OK, then I let the system automatically install packages needed for my TV card, and what happens? My computer hangs while trying to unload ISDN modules on reboot, and can't reboot any more!!! The only thing that helped was the reset button. After reboot, I saw there was a new entry in runlevel editor - you guess - "ISDN" and it was ON!!! I'm lucky this happened in my test machine and not in one of the servers I have running SuSE, but I am still VERY pissed off. What now?
I don't believe that SuSE people are a bunch of idiots, because they have done many good things and hopefully will keep on doing them further. I don't believe it HAS to be this way, because other distributions don't do this to me/us. I don't believe they haven't noticed this, because this repeats for years, so what remains? Nothing I can think of but pure ignorance. This is not the only one thing that made me jump over to gentoo, but this is the only one that made me write this letter already three times ago, but every time till now I cooled down and trashed the mails. Now I won't. I have paid 90 EUR for the shit and I WANT IT WORKING PROPERLY! Don't you, wouldn't you, too? regards Dr. Nihad Mujkanovic Vienna, Austria
Nihad Mujkanovic wrote:
> NOW I AM REALLY PISSED OFF!
This list is about security concerns. Use http://www.suse.de/cgi-bin/feedback.cgi if you want to make a serious improvement suggestion. Well-meant tip: just leave this isdn stuff alone. 600k disk space don't hurt and it doesn't do anything if not configured. cu Ludwig -- (o_ Ludwig Nussel //\ SUSE LINUX Products GmbH, Development V_/_ http://www.suse.de/
The Thursday 2004-12-09 at 21:15 +0100, Nihad Mujkanovic wrote:
> NOW I AM REALLY PISSED OFF! .... I have never in my life had anything to do with ISDN and I don't have any hardware for this shit and I am even less interested in getting it, but SuSE is FORCING me to install ISDN packages, nevertheless. I ALWAYS deselect this crap and set it to "tabu", but the first time the system is allowed to automatically install a packet I happen to need (e.g. bttv in my case), it IGNORES any settings from installation time and installs all things I do not need: capi4linux, a bunch of isdn packages, formerly even "gnokii". Have you
Er... I agree that installing all those things is a nuisance, specially about tabooed packages; but you don't explain why all that is a security risk. And this is a security list, you know... -- Cheers, Carlos Robinson
Carlos E. R. wrote:
> Er... I agree that installing all those things is a nuisance, specially about tabooed packages; but you don't explain why all that is a security risk.
You could argue that /usr/sbin/isdnctrl is SUID root, so this is a potential security hole (see [1]). My favorite quote from [1]: "The i4l package is installed by default and also vulnerable if you do not have a ISDN setup." I think this is what the OP meant. When I kicked the ISDN packages off my system I also wondered why wine needs i4l and why i4l was even installed on a system without ISDN hardware. IMHO you shouldn't install services/SUID binaries that are _obviously_ unnecessary. Regards nordi [1] http://lwn.net/Alerts/7273/
The Sunday 2004-12-12 at 12:29 +0100, nordi wrote:
> Carlos E. R. wrote:
>> Er... I agree that installing all those things is a nuisance, specially about tabooed packages; but you don't explain why all that is a security risk.
> You could argue that /usr/sbin/isdnctrl is SUID root, so this is a potential security hole (see [1]). My favorite quote from [1]: "The i4l package is installed by default and also vulnerable if you do not have a ISDN setup." I think this is what the OP meant.
Ah, that is a better explanation than the OP's, and with a better humour:-)
> When I kicked the ISDN packages off my system I also wondered why wine needs i4l and why i4l was even installed on a system without ISDN hardware. IMHO you shouldn't install services/SUID binaries that are _obviously_ unnecessary.
Well, then a hack would be to make sure, in "/etc/permissions.local" that those files are not root suid if they do exist in the system. The settings are probably those of /etc/permissions.paranoid or /etc/permissions.secure. It would make sense, as it is true that YOU can install a tabooed package without the user noticing. I don't understand why a "taboo" does not keep "tabooed". I think I noticed isdn being installed the first time, and I removed it, time ago. But it has been installed on my back, and I don't know why. I don't see why wine should require it. -- Cheers, Carlos Robinson
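Added example, not part of any message in this thread: one way to carry out the audit discussed above, listing setuid files under a directory and drafting /etc/permissions.local entries that clear the setuid/setgid bits. The function names and the entry layout `<path> <owner>:<group> <mode>` are assumptions; compare against the header comments of /etc/permissions on the target system.

```shell
#!/bin/sh
# Added example (not from the thread): audit setuid files and draft
# /etc/permissions.local entries that drop the setuid/setgid bits.
# Assumed entry format: "<path> <owner>:<group> <mode>".

# List regular files under directory $1 that carry the setuid bit.
find_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# Name of the RPM package owning file $1, or a marker if none/unknown.
owning_package() {
    if command -v rpm >/dev/null 2>&1; then
        pkg=$(rpm -qf --qf '%{NAME}\n' "$1" 2>/dev/null) || pkg="not-packaged"
        echo "$pkg"
    else
        echo "rpm-unavailable"
    fi
}

# For each setuid file under $1, print a comment naming its package and
# an entry whose mode has setuid/setgid cleared (mode & 01777).
propose_entries() {
    find_suid "$1" | while IFS= read -r f; do
        owner=$(stat -c '%U:%G' "$f")   # GNU stat: owner and group names
        mode=$(stat -c '%a' "$f")       # octal mode, e.g. 4755
        printf '# package: %s\n' "$(owning_package "$f")"
        printf '%s %s %04o\n' "$f" "$owner" $(( 0$mode & 01777 ))
    done
}

# Stand-alone use: sh suid-audit.sh /usr/sbin
if [ "$#" -gt 0 ]; then
    propose_entries "$1"
fi
```

Review the drafted lines before adding any of them to /etc/permissions.local; the package comment shows which installed package delivered each setuid binary.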
On Sun, Dec 12, 2004 at 10:56:00PM +0100, Carlos E. R. wrote:
> It would make sense, as it is true that YOU can install a tabooed package without the user noticing. I don't understand why a "taboo" does not keep "tabooed".
Perhaps because you want'S to work in a consistent rpm environment where all dependencies are fulfilled?
> I don't see why wine should require it.
Have you ever considered to investigate this? <RANT> What is really annoying about this thread is, that people are criticizing Suse - in some cases in very bad wording - for something that is clearly for the wine developers to fix, and not Suse's "fault". Has anyone who doesn't see this looked into the wine sources and perhaps grep'ped for "isdn" (no relevant hits) or capi (relevant hits). Just an important rule as far as security is concerned: THINK before you ACT. In case you can't be bothered to do that, please assume that you are incapable of getting anywhere as far as security is concerned. </RANT> Investigation of the wine sources leads to the following: wine tries to implement all the upper layer APIs that are present in a basic Win install. Windows does have ISDN support, the API to the ISDN world is called CAPI. Wine uses the linux capi stuff to implement the windows API. The Suse wine package is being built with capi support and thus some isdn-stuff needs to be installed for wine to be able to use it. ciao Joerg -- Joerg Mayer <jmayer@loplof.de> We are stuck with technology when what we really want is just stuff that works. Some say that should read Microsoft instead of technology.
The Monday 2004-12-13 at 01:49 +0100, Joerg Mayer wrote:
> On Sun, Dec 12, 2004 at 10:56:00PM +0100, Carlos E. R. wrote:
>> It would make sense, as it is true that YOU can install a tabooed package without the user noticing. I don't understand why a "taboo" does not keep "tabooed".
> Perhaps because you want'S to work in a consistent rpm environment where all dependencies are fulfilled?
No. If _I_ order a package to be tabooed, for my own reasons, I want it to keep tabooed the next time I open Yast. I do not want Yast to choose to forget my settings. At most, Yast should ask if I'm still sure I want to keep my taboo. I'm root. I order, yast obeys. IMNSHO. At present, I have to keep my list of tabooed packages on a sticker, and re-taboo them every time I use yast to install or remove a package. If I get tired of this, I create my own empty rpm to fool it.
>> I don't see why wine should require it.
> Have you ever considered to investigate this?
¡Yes! So I ask if somebody knows, who can investigate it better than me, or who already knows. Do you object to that? That's the reason of mail list such as this, sharing knowledge, - and if you investigate me, you will find dozens of my answers per a single question.
> <RANT> What is really annoying about this thread is, that people are criticizing Suse - in some cases in very bad wording - for something that is clearly for the wine developers to fix, and not Suse's "fault".
_I_ haven't criticized SuSE. That was somebody else. Look again.
> Investigation of the wine sources leads to the following: wine tries to implement all the upper layer APIs that are present in a basic Win install. Windows does have ISDN support, the API to the ISDN world is called CAPI. Wine uses the linux capi stuff to implement the windows API. The Suse wine package is being built with capi support and thus some isdn-stuff needs to be installed for wine to be able to use it.
I thought of something on that line. Thanks for the explanation. -- Cheers, Carlos Robinson
On Thu, Dec 09, 2004 at 09:15:57PM +0100, Nihad Mujkanovic wrote:
> NOW I AM REALLY PISSED OFF!
> At first I wanted to title this "DOS attack performed by SuSE" or "Sabotage performed by SuSE", but I managed to cool down a bit, so I hopefully don't hit the wrong guy(s), but someone's got to be blamed and flamed, since this is a neverending story. I don't know if it's the team working on WINE or SuSE team compiling the packages for the distro, I assume it's both of them at the end.
I have fixed this WINE issue in the upstream WINE and the dependency will no longer be present in the SUSE Linux version following 9.2. Ciao, Marcus
The Monday 2005-01-10 at 10:54 +0100, Marcus Meissner wrote:
> I have fixed this WINE issue in the upstream WINE and the dependency will no longer be present in the SUSE Linux version following 9.2.
Thanks :-) -- Cheers, Carlos Robinson
participants (6): Carlos E. R., Joerg Mayer, Ludwig Nussel, Marcus Meissner, Nihad Mujkanovic, nordi