[ale] CRITICAL LINUX FLAW OPENS THE DOOR TO FULL ROOT ACCESS (RHE)
leam hall
leamhall at gmail.com
Thu May 17 11:59:25 EDT 2018
On Thu, May 17, 2018 at 11:56 AM, Joey Kelly via Ale <ale at ale.org> wrote:
> On Thursday, May 17, 2018 11:40:39 AM EDT Jim Kinney via Ale wrote:
>> only impacts RHEL and Fedora (and CentOS and Scientific Linux)
>> It's very specific in the way a script in NetworkManager handles
>> returning data from a DHCP server. The script runs as root and can be
>> overrun with remote shell commands. Oops.
>
>
> "Ayer added that the situation is a reminder for Linux teams and developers of
> the “frailty” of shell scripts. Shell, a commonly used programming language on
> Linux systems, is simply prone to allowing these kinds of flaws to be coded, he
> said."
>
> I guess we should all take the hint and switch to something secure like, oh,
> Java.
>
> Grr..
Yeah, Ayer lost all credibility at that point.
More information about the Ale
mailing list