[CentOS] Serious attack vector on pkcheck ignored by Red Hat
Chris Adams
linux at cmadams.net
Wed Feb 15 16:22:37 UTC 2017
Once upon a time, Leonard den Ottolander <leonard at den.ottolander.nl> said:
> On Wed, 2017-02-15 at 09:47 -0600, Johnny Hughes wrote:
> > 2. They already have shell access on the machine in question and they
> > can already run anything in that shell that they can run via what you
> > are pointing out.
>
> No, assuming noexec /home mounts all they can run is system binaries.

noexec is not that big of a protection. On a normal CentOS system, you almost certainly have python installed (as well as likely other scripting languages such as perl), and they can be used to do just about anything compiled code can do. Plus there's /tmp, /var/tmp, and other directories (depending on software installed) that are writable by users, so unless you mount something noexec on all of them, you haven't gained much.

noexec is largely a legacy option at this point.

--
Chris Adams <linux at cmadams.net>