Re: Serious attack vector on pkcheck ignored by Red Hat

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: Serious attack vector on pkcheck ignored by Red Hat
From: Gordon Messmer <gordon.messmer@xxxxxxxxx>
Date: Wed, 15 Feb 2017 12:38:41 -0800
Delivered-to: centos@xxxxxxxxxx
In-reply-to: <64431.128.135.52.6.1487189297.squirrel@cosmo.uchicago.edu>
References: <4a8f0e53-c5b2-61fd-b6cb-21e97f713b7c@gmail.com> <1486067854.12088.47.camel@quad> <c034e273-2c7b-1709-242c-c162f4967a13@gmail.com> <1486674227.5127.39.camel@quad> <271BC3C5-E237-40B3-93C2-A2A384F03521@etr-usa.com> <1486676382.5127.55.camel@quad> <84B9DF36-7475-4562-8879-22B1F16CC8A6@etr-usa.com> <1487173028.5199.11.camel@quad> <eb645a59-4a19-2189-7b6d-bcc3a19ecca3@centos.org> <1487174115.5199.14.camel@quad> <20170215162237.GB1292@cmadams.net> <31974.128.135.52.6.1487177272.squirrel@cosmo.uchicago.edu> <59d822df-0175-20c9-2eb5-2c99b29e192e@gmail.com> <64431.128.135.52.6.1487189297.squirrel@cosmo.uchicago.edu>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0

On 02/15/2017 12:08 PM, Valeri Galtsev wrote:

/run/screen/S-<user> - NOT on CentOS 5
/var/spool/samba - NOT on CentOS 5 that needs extra security - in our shop;

To be pedantic: screen definitely creates a user-writable directory onCentOS 5, in a different location, and samba will include that directoryif installed. It can be really hard to make sure everything required ismounted noexec when some of these directories are automatically createdby SUID or SGID binaries, in response to user actions.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos

Follow-Ups:
- Re: Serious attack vector on pkcheck ignored by Red Hat
  - From: Valeri Galtsev

References:
- Re: Serious attack vector on pkcheck ignored by Red Hat
  - From: Gordon Messmer
- Re: Serious attack vector on pkcheck ignored by Red Hat
  - From: Leonard den Ottolander
- Re: Serious attack vector on pkcheck ignored by Red Hat
  - From: Gordon Messmer
- Re: Serious attack vector on pkcheck ignored by Red Hat
  - From: Leonard den Ottolander
- Re: Serious attack vector on pkcheck ignored by Red Hat
  - From: Warren Young
- Re: Serious attack vector on pkcheck ignored by Red Hat
  - From: Leonard den Ottolander
- Re: Serious attack vector on pkcheck ignored by Red Hat
  - From: Warren Young
- Re: Serious attack vector on pkcheck ignored by Red Hat
  - From: Leonard den Ottolander
- Re: Serious attack vector on pkcheck ignored by Red Hat
  - From: Johnny Hughes
- Re: Serious attack vector on pkcheck ignored by Red Hat
  - From: Leonard den Ottolander
- Re: Serious attack vector on pkcheck ignored by Red Hat
  - From: Chris Adams
- Re: Serious attack vector on pkcheck ignored by Red Hat
  - From: Valeri Galtsev
- Re: Serious attack vector on pkcheck ignored by Red Hat
  - From: Gordon Messmer
- Re: Serious attack vector on pkcheck ignored by Red Hat
  - From: Valeri Galtsev

Prev by Date: Re: CentOS 7, systemd, NetworkMangler, oh, my
Next by Date: Re: mach64 driver, latest update in CentOS 6.8, symbol lookup error
Previous by thread: Re: Serious attack vector on pkcheck ignored by Red Hat
Next by thread: Re: Serious attack vector on pkcheck ignored by Red Hat
Index(es):
- Date
- Thread

[Index of Archives] [CentOS] [CentOS Announce] [CentOS Development] [CentOS ARM Devel] [CentOS Docs] [CentOS Virtualization] [Carrier Grade Linux] [Linux Media] [Asterisk] [DCCP] [Netdev] [Xorg] [Linux USB]