Re: Serious attack vector on pkcheck ignored by Red Hat

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hello Johnny,

On Wed, 2017-02-15 at 09:47 -0600, Johnny Hughes wrote:
> 2.  They already have shell access on the machine in question and they
> can already run anything in that shell that they can run via what you
> are pointing out.

No, assuming noexec /home mounts all they can run is system binaries.

> 3.  If they have access to a zeroday issue that give them root .. they
> can just use that via their shell that they already have (that you gave
> them, which they are using) to get root .. they therefore don't need to
> use this issue at all.

No, assuming noexec /home mounts all they have to leverage a zero day
are system binaries. pkcheck to the rescue.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux