Re: Serious attack vector on pkcheck ignored by Red Hat

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 02/09/2017 02:27 PM, Warren Young wrote:
I’m with Gordon: someone certainly should fix this problem for its own sake, but don’t try to strong-arm Red Hat into doing it for you because Security.

Way too many bad things are done Because Security.


My larger concern is that there *does* seem to be a security issue with pkexec that has at least two very simple fixes, and that issue isn't being addressed because of the noise involved in arguing about pkcheck. There's no security problem in pkcheck, and all of the time spent insisting that there is serves to further delay fixing pkexec.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux