On Tuesday 24 February 2009 01:40:40 am Gregory Maxwell wrote: > This shouldn't have been sent to this list: It should have been filed > as a confidential bug, it's CERT announcement material. I guess its > too late now. Yes, I think so, too. From a security PoV, this creates a big problem in log correlation. An attacker can create a misleading audit trail that might make something look like it happened at one time while it really happened at another. You also have time based authentications that could allow access at disallowed times, and you can also prevent cron jobs from running that perhaps would have found an intrusion. A bug should be filed and this should be fixed in all affected releases ASAP. -Steve -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
