Re: Serious attack vector on pkcheck ignored by Red Hat

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 02/15/2017 12:08 PM, Valeri Galtsev wrote:
/run/screen/S-<user> - NOT on CentOS 5
/var/spool/samba - NOT on CentOS 5 that needs extra security - in our shop;


To be pedantic: screen definitely creates a user-writable directory on CentOS 5, in a different location, and samba will include that directory if installed. It can be really hard to make sure everything required is mounted noexec when some of these directories are automatically created by SUID or SGID binaries, in response to user actions.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux