[CentOS] Serious attack vector on pkcheck ignored by Red Hat
John R Pierce
pierce at hogranch.com
Thu Feb 9 22:55:36 UTC 2017
On 2/9/2017 2:40 PM, Gordon Messmer wrote:
>
> My larger concern is that there *does* seem to be a security issue
> with pkexec that has at least two very simple fixes, and that issue
> isn't being addressed because of the noise involved in arguing about
> pkcheck. There's no security problem in pkcheck, and all of the time
> spent insisting that there is serves to further delay fixing pkexec.
you realize noone on this email list has anything to do with the source
code for this pkcheck thing? CentOS uses the code exactly as is that
Red Hat releases. You're tilting at windmills in the wrong country here.
--
john r pierce, recycling bits in santa cruz
More information about the CentOS
mailing list