[CentOS] Serious attack vector on pkcheck ignored by Red Hat
Gordon Messmer
gordon.messmer at gmail.com
Wed Feb 15 20:38:41 UTC 2017

On 02/15/2017 12:08 PM, Valeri Galtsev wrote:
> /run/screen/S-<user> - NOT on CentOS 5
> /var/spool/samba - NOT on CentOS 5 that needs extra security - in our shop;

To be pedantic: screen definitely creates a user-writable directory on
CentOS 5, in a different location, and samba will include that directory
if installed. It can be really hard to make sure everything required is
mounted noexec when some of these directories are automatically created
by SUID or SGID binaries, in response to user actions.
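
An audit of the kind the message above calls for, as an added example that is not part of the original post: it lists user-writable directories whose filesystem is not mounted noexec. The scanned roots, the writability heuristic and the sample mount table are assumptions made for the example.

```python
import os
import stat

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /var ext4 rw,relatime 0 0
/dev/sda4 /var/spool/samba ext4 rw,nosuid,nodev,noexec 0 0
"""

def parse_mounts(text):
    """Return {mount_point: set(options)} from /proc/mounts-style text."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:  # spaces in paths are escaped as \040
            table[fields[1].replace("\\040", " ")] = set(fields[3].split(","))
    return table

def mount_for(path, table):
    """Longest mount point that is a path prefix of `path`."""
    path = os.path.normpath(path)
    best = "/"
    for mp in table:
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        if inside and len(mp) > len(best):
            best = mp
    return best

def exec_allowed(path, table):
    return "noexec" not in table.get(mount_for(path, table), set())

def writable_dirs(root):
    """Heuristic: dirs writable by group/other, or owned by a non-root uid."""
    for dirpath, _dirs, _files in os.walk(root):
        try:
            st = os.lstat(dirpath)
        except OSError:
            continue  # directory vanished or is unreadable
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH) or st.st_uid != 0:
            yield dirpath

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        table = parse_mounts(fh.read())
    for root in ("/run", "/var", "/tmp"):  # assumed roots; adjust per host
        for d in (d for d in writable_dirs(root) if exec_allowed(d, table)):
            print("user-writable, exec allowed:", d)
```

A scan like this only sees directories that exist when it runs, so ones created later by SUID or SGID binaries are found only by re-running it after those programs have been used.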