Re: Serious attack vector on pkcheck ignored by Red Hat




Once upon a time, Gordon Messmer <gordon.messmer@xxxxxxxxx> said:
> Leonard, man... you've got to let this go.  Users with shell access
> already have fairly broad permission to execute arbitrary code on
> the system they log in to.  The memory leak in pkcheck is *not* a
> security issue.  It's just a bug.

Here's the other thing about it: you are saying it might could be
exploited in your setup (where other things maybe could not).  That's
potentially a problem, but it is not a problem in most anybody else's
setup (most definitely not the default setup, or alternate setups from
the Red Hat documentation).  Red Hat generally only devotes resources to
security issues in the default or documented setups; there have been
CVEs where they just say "this is outside any supported setup".

-- 
Chris Adams <linux@xxxxxxxxxxx>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos


