[CentOS] Serious attack vector on pkcheck ignored by Red Hat
Gordon Messmer
gordon.messmer at gmail.com
Thu Feb 2 15:16:04 UTC 2017
On 02/02/2017 06:51 AM, Leonard den Ottolander wrote:
> pkcheck might not be directly vulnerable. However, pkexec is.

If that's so, why are you supplying patches to pkcheck rather than fixing pkexec?

In your bug report, you said, "The author clearly states that in his example exploit he gives himself a break, ... choosing a more easily exploitable binary so he does not have to add a privilege escalation." But that's not true. The author used pkexec *because* it's SUID root.

Lots of programs can be made to crash due to memory errors. Those are bugs, but it's only exploitable if you can cause a program that has rights other than your own to execute code on your behalf. If you cause a program with your own rights to execute code, you're just executing code via a complicated path. It's not a security flaw because you have the rights to execute the same code directly, rather than through a memory handling flaw.