Re: Grrr... modprobe.conf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



W dniu 21 września 2010 16:33 użytkownik David Woodhouse
<dwmw2@xxxxxxxxxxxxx> napisał:
> On Mon, 2010-09-20 at 11:56 +0200, Michał Piotrowski wrote:
>> 2010/9/20 Bryn M. Reeves <bmr@xxxxxxxxxx>:
>> > On 09/20/2010 06:43 AM, Ralph Loader wrote:
>> >>
>> >>> After all these years, something from the fedora repos
>> >>> (the only ones I have active in my F14 partition) is still
>> >>> creating an (empty) /etc/modprobe.conf file.
>> >>
>> >> Looks like it's a minor security hole too:
>> >
>> > Not sure I'd call that minor considering what you can do via entries in
>> > that file.
>>
>> You can blacklist the firewall modules - it can be critical :)
>
> Why on earth would that be critical? The firewall is just a band-aid. If
> it does anything useful, your system was broken (or infected) already.

Real-life situation:
- a few servers with postgres - no authentication - setup for pgpool
- a firewall which blocks access from the outside to postgres

Yes - it's broken setup, but it works with firewall.

>
> Seriously, if there is *any* case where the lack of firewall would be
> 'critical', please file a bug for that.
>
> There are *much* more interesting things that someone could do with
> arbitrary write access to /etc/modprobe.conf

Surely, but I don't have enough cracker imagination to quickly come up
with some good examples :)

>
> --
> dwmw2
>
>

Regards,
Michal
-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe: 
https://admin.fedoraproject.org/mailman/listinfo/test



[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux