Re: Serious attack vector on pkcheck ignored by Red Hat




On 02/09/2017 02:55 PM, John R Pierce wrote:

You realize no one on this email list has anything to do with the source code for this pkcheck thing? CentOS uses the code exactly as is that Red Hat releases. You're tilting at windmills in the wrong country here.


Yes, I do. And I tried to help OP file a bug report with Red Hat so that pkexec could be fixed. His original bugs wasted a lot of time arguing about pkcheck, and were closed WONTFIX. He has since filed new bug reports which are currently ASSIGNED. I'm hopeful that those will be fixed, because there does appear to be a security flaw in a SUID binary installed by default on CentOS 6 and 7.
