[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] CRITICAL LINUX FLAW OPENS THE DOOR TO FULL ROOT ACCESS (RHE)
- Subject: [ale] CRITICAL LINUX FLAW OPENS THE DOOR TO FULL ROOT ACCESS (RHE)
- From: leamhall at gmail.com (leam hall)
- Date: Thu, 17 May 2018 11:59:25 -0400
- In-reply-to: <2408661.gbiu7ldDRv@elijah>
- References: <[email protected]> <[email protected]> <[email protected]> <2408661.gbiu7ldDRv@elijah>
On Thu, May 17, 2018 at 11:56 AM, Joey Kelly via Ale <ale at ale.org> wrote:
> On Thursday, May 17, 2018 11:40:39 AM EDT Jim Kinney via Ale wrote:
>> only impacts RHEL and Fedora (and CentOS and Scientific Linux)
>> It's very specific in the way a script in NetworkManager handles
>> returning data from a DHCP server. The script runs as root and can be
>> overrun with remote shell commands. Oops.
>
>
> "Ayer added that the situation is a reminder for Linux teams and developers of
> the ?frailty? of shell scripts. Shell, a commonly used programming language on
> Linux systems, is simply prone to allowing these kinds of flaws to be coded, he
> said."
>
> I guess we should all take the hint and switch to something secure like, oh,
> Java.
>
> Grr..
Yeah, Ayer lost all credibility at that point.