[ale] CRITICAL LINUX FLAW OPENS THE DOOR TO FULL ROOT ACCESS (RHE)

Joey Kelly joey at joeykelly.net
Thu May 17 11:56:21 EDT 2018


On Thursday, May 17, 2018 11:40:39 AM EDT Jim Kinney via Ale wrote:
> only impacts RHEL and Fedora (and CentOS and Scientific Linux)
> It's very specific in the way a script in NetworkManager handles
> returning data from a DHCP server. The script runs as root and can be
> overrun with remote shell commands. Oops.


"Ayer added that the situation is a reminder for Linux teams and developers of 
the “frailty” of shell scripts. Shell, a commonly used programming language on 
Linux systems, is simply prone to allowing these kinds of flaws to be coded, he 
said."

I guess we should all take the hint and switch to something secure like, oh, 
Java.

Grr..

-- 
Joey Kelly
Minister of the Gospel and Linux Consultant
http://joeykelly.net
504-239-6550


More information about the Ale mailing list