[CentOS] Serious attack vector on pkcheck ignored by Red Hat
Chris Adams
linux at cmadams.net
Wed Feb 15 19:23:35 UTC 2017

Once upon a time, Gordon Messmer <gordon.messmer at gmail.com> said:
> Leonard, man... you've got to let this go. Users with shell access
> already have fairly broad permission to execute arbitrary code on
> the system they log in to. The memory leak in pkcheck is *not* a
> security issue. It's just a bug.

Here's the other thing about it: you are saying it might could be
exploited in your setup (where other things maybe could not). That's
potentially a problem, but it is not a problem in most anybody else's
setup (most definitely not the default setup, or alternate setups from
the Red Hat documentation).

Red Hat generally only devotes resources to security issues in the
default or documented setups; there have been CVEs where they just say
"this is outside any supported setup".

-- 
Chris Adams <linux at cmadams.net>