[CentOS] Serious attack vector on pkcheck ignored by Red Hat

Gordon Messmer gordon.messmer at gmail.com
Wed Feb 15 18:23:59 UTC 2017


On 02/15/2017 08:47 AM, Valeri Galtsev wrote:
> And yes, ALL user writable places (including often overlooked /dev/shm)
> are mounted with nosuid, nosgid, nodev, noexec options on servers where
> users are allowed to have shell.


How sure are you?  On the system I'm looking at right now, any user can 
write to:

/dev/mqueue
/dev/shm
/run/user/<uid>
/run/screen/S-<user>
/var/spool/samba
/home/<user>
/tmp
/var/tmp

Notably, the "screen" and "samba" locations only appear when the 
respective packages are installed, so the places users can write may 
vary from system to system.
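
Added example, not part of the original message: a Python sketch that maps each writable path listed above to the mount that actually holds it and reports which of `nosuid`, `nodev` and `noexec` are missing. The mount table is a constructed sample in `/proc/mounts` format, and the `1000` and `alice` values standing in for `<uid>` and `<user>` are assumptions.

```python
import os

REQUIRED = ("nosuid", "nodev", "noexec")

# Constructed sample in /proc/mounts format (not taken from any real host).
SAMPLE_MOUNTS = """\
/dev/mapper/vg-root / xfs rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
mqueue /dev/mqueue mqueue rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /run/user/1000 tmpfs rw,nosuid,nodev,relatime,mode=700 0 0
/dev/mapper/vg-home /home ext4 rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
"""

def parse_mounts(text):
    """Return {mount_point: set(options)}; later entries override earlier ones."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            # /proc/mounts escapes spaces in paths as \040
            mounts[fields[1].replace("\\040", " ")] = set(fields[3].split(","))
    return mounts

def mount_for(path, mounts):
    """Find the mount point that holds path by walking up towards /."""
    path = os.path.normpath(path)
    while path not in mounts and path != "/":
        path = os.path.dirname(path)
    return path

def audit(paths, mounts_text):
    """Map each path to (mount point, list of missing hardening options)."""
    mounts = parse_mounts(mounts_text)
    report = {}
    for p in paths:
        mp = mount_for(p, mounts)
        report[p] = (mp, [o for o in REQUIRED if o not in mounts.get(mp, set())])
    return report

if __name__ == "__main__":
    # Paths from the message, with constructed values for <uid> and <user>.
    paths = ["/dev/mqueue", "/dev/shm", "/run/user/1000", "/run/screen/S-alice",
             "/var/spool/samba", "/home/alice", "/tmp", "/var/tmp"]
    for p, (mp, missing) in audit(paths, SAMPLE_MOUNTS).items():
        print(f"{p:22} on {mp:16} missing: {','.join(missing) or '-'}")
```

On a live host, pass `open("/proc/mounts").read()` instead of the sample; paths that are symlinks should be resolved with `os.path.realpath` first so they are matched against the mount they really live on.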



