[ale] CRITICAL LINUX FLAW OPENS THE DOOR TO FULL ROOT ACCESS (RHE)
Joey Kelly
joey at joeykelly.net
Thu May 17 11:56:21 EDT 2018
On Thursday, May 17, 2018 11:40:39 AM EDT Jim Kinney via Ale wrote:
> only impacts RHEL and Fedora (and CentOS and Scientific Linux)
> It's very specific in the way a script in NetworkManager handles
> returning data from a DHCP server. The script runs as root and can be
> overrun with remote shell commands. Oops.
"Ayer added that the situation is a reminder for Linux teams and developers of
the “frailty” of shell scripts. Shell, a commonly used programming language on
Linux systems, is simply prone to allowing these kinds of flaws to be coded, he
said."
I guess we should all take the hint and switch to something secure like, oh,
Java.
Grr..
--
Joey Kelly
Minister of the Gospel and Linux Consultant
http://joeykelly.net
504-239-6550
More information about the Ale
mailing list