OESF Portal | OESF Forum | OESF Wiki | LinuxPDA | #planetgemini chat on matrix.org | #gemini-pda chat on Freenode | #zaurus and #alarmz chat on Freenode | ELSI (coming soon) | Ibiblio

IPB

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> Pdaxrom/linux Security, Is your PDA talking behind your back?
hbo
post May 24 2005, 11:22 PM
Post #1





Group: Members
Posts: 95
Joined: 5-March 05
Member No.: 6,576



I'm using an insecure browser right this minute! Be afraid. Be very.. wait, that's me that should be afraid. Rats.

Where did the project pick up the source code (besides mozilla.org) for the 1.0 version of Firefox? is someone tooled to do the build of the latest versions of ff and mozilla? I haven't checked, but I imagine thunderbird and sunbird need refreshing. too. I'm prepared to help, but I'm not set up for cross compiling with this toolkit. And I'm not patient enough to build anything like Mozilla on any of my Zaurii. 8)

The kernel probably needs multiple security patches too. See my post later in this thread.
Go to the top of the page
 
+Quote Post
adf
post May 24 2005, 11:25 PM
Post #2





Group: Members
Posts: 2,808
Joined: 13-September 04
From: Wasilla Ak.
Member No.: 4,572



a good idea, but the security isssues weren'texactly serious
Go to the top of the page
 
+Quote Post
hbo
post May 25 2005, 06:48 AM
Post #3





Group: Members
Posts: 95
Joined: 5-March 05
Member No.: 6,576



QUOTE(adf @ May 24 2005, 11:25 PM)
a good idea, but the security isssues weren'texactly serious
*


Yeah, but you can't download "skins" from mozilla.org unless you are running the latest. (Actually, you can't use the "update service." I'm pretty sure you could grab the skins th old fashioned way.)
Go to the top of the page
 
+Quote Post
adf
post May 25 2005, 11:06 AM
Post #4





Group: Members
Posts: 2,808
Joined: 13-September 04
From: Wasilla Ak.
Member No.: 4,572



I never even tried skinning my Z-firefox. tried a few plugins with limited success, and basically made an unconscious decision to live with whatever version installs from the distro feed.
I guess (because of the "fix") an update would do more than I had thought.
Go to the top of the page
 
+Quote Post
hbo
post May 25 2005, 12:40 PM
Post #5





Group: Members
Posts: 95
Joined: 5-March 05
Member No.: 6,576



QUOTE(adf @ May 25 2005, 11:06 AM)
I never even tried skinning my Z-firefox.  tried a few plugins with limited success, and basically made an unconscious decision to live with whatever version installs from the distro feed.
I guess (because of the "fix") an update would do more than I had thought.
*


Actually, if you turn off the bookmarks toolbar, and go to "full screen" mode, the default interface is pretty darn skinny. Still, I know of at least one extension that does work. It's a good idea to stay up to date with security patches. I think that several of the security bugs relate to opportunities to aid "phishing" attacks. They may be corner cases, but a really bad flaw could show up tomorrow, be patched within a week by mozilla, and wait for months to get integrated into the smaller community based distros like pdaXrom.

Mozilla is just the tip of the iceberg, of course. The two security patches in the "combined" kernel that Guylhem is working on are the first two I've seen on the Lineo/embedix/whatever base. I know for certain that there are multiple dozens of severe security bugs that apply to that level of the kernel. (I worked at supporting RH 7.3 after end-of-life, so I patched several myself.) How many of these have been addressed in the base release, vs. those that don't apply because a particular feature isn't used vs those that do apply but have been addressed by patches vs those that are still a threat is likely to be a difficult question to answer. I think this question gets more relevant as the capabilities of these machines improve. I'd like to use my 6K and 860 for secure remote access into Fortune 500 companies, for instance. I can probably do that, but should I?? (From a public wireless network for instance?)
Go to the top of the page
 
+Quote Post
adf
post May 25 2005, 01:00 PM
Post #6





Group: Members
Posts: 2,808
Joined: 13-September 04
From: Wasilla Ak.
Member No.: 4,572



For that and other reasons (like the fast floating point) I'd really love to see guylhem's kernel available for pdax/6k (or the pdaX 6k branch use gulhem's source) . I'll see if it doesn't just "update" in tonight.

maybe we ought to learn how to setup pdax crosscompiler? (not that i have any ambition to crosscompile firefox--I'd rather have dentistry---)
Go to the top of the page
 
+Quote Post
hbo
post May 25 2005, 01:49 PM
Post #7





Group: Members
Posts: 95
Joined: 5-March 05
Member No.: 6,576



QUOTE(adf @ May 25 2005, 01:00 PM)
maybe we ought to learn how to setup pdax crosscompiler? (not that i have any ambition to crosscompile firefox--I'd rather have dentistry---)
*


Hah! Laughing gas makes dentistry a positive pleasure, or so I've heard. 8)

And building Mozilla isn't that tough. It just takes a long time. I haven't tried to build Firefox. so I don't know how much more or less complex that is. I do want to set up the pdaXrom toolchain in cross-compile mode. One of the really attractive things about this distro is the very compatible X11 environment. "Porting" nonpareil was a simple matter of dealing with the packaging issues. the code itself Just Worked™. And it has non-trivial dependencies recent versions of gtk+ and glib.
Go to the top of the page
 
+Quote Post
BarryW
post May 25 2005, 02:45 PM
Post #8





Group: Members
Posts: 690
Joined: 4-June 04
From: Ohio
Member No.: 3,570



I downloaded the favorites sync extension and installed it manually. Worked really well. What I want is a browser that will render my avatar correctly!!! -------------------->
Go to the top of the page
 
+Quote Post
jerrybme
post May 25 2005, 07:37 PM
Post #9





Group: Members
Posts: 639
Joined: 4-September 03
From: Chicago
Member No.: 401



Anyone have any ideas on how to lock down pdaxrom so that a password is required to recover from a suspend? ph34r.gif I guess you could install xscreensaver, set it to lock the screen. Any other ideas?
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 25th September 2018 - 11:16 AM