On 11/18/2009 06:12 PM, Richard Hughes wrote:
> 2009/11/18 Eric Christensen <eric@xxxxxxxxxxxxxxxxxxx>:
>> Has anyone drafted a notice to go out on the Announce List explaining
>> this vulnerability? If admins don't know to fix/remove PK then they are
>> putting their systems at risk.
>
> I'm really bored of this conversation. The bikeshed is blue. There are
> much bigger problems in UNIX security than installing signed packages.
> We don't set a grub password by default.

Signed does not mean bug-free.

Further, observe the broken logic:

"Because local users might be able to break into the system with effort,
it is pointless to have any safeguards at all."

[firefox|pidgin] exploit + PackageKit == trivial remote exploit.

Jeff