On Mon, 2010-09-20 at 14:54 +0200, MichaÅ Piotrowski wrote: > 2010/9/20 Bryn M. Reeves <bmr@xxxxxxxxxx>: > > On 09/20/2010 01:37 PM, Tom Horsley wrote: > >> On Mon, 20 Sep 2010 11:56:56 +0200 > >> MichaÅ Piotrowski wrote: > >> > >>> You can blacklist the firewall modules - it can be critical :) > >> > >> Actually, I think you can run any arbitrary command to > >> load a module, > > Or pass any parameter to a module. > > > so it is probably a gigantic security > >> hole. > > Yeah - but it depends on conditions, system configuration etc. It can > be treated as "minor issue", "major issue", "high risk vulnerability" > or "gigantic security hole" - depends on system configuration and > other things. Let's CC devel list. > > > > > Kinda what I was thinking. This should be fairly easy to track down with > > the amount of tracing and debugging tools we have in the distro now. I'm > > not convinced it's dracut's > > My F13 devel system is not affected - it's a standard web developer > system with databases, web servers, script languages etc. I don't > think that dracut is the culprit. > > > doing but if I have time to get a VM > > installed later on I'll try to have a poke around. > > > > Cheers, > > Bryn. > > Regards, > Michal I'm missing the original mail in this thread because I think it went to a different list. Can someone forward it to me, please. Thanks. Jon. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
