[ale] CRITICAL LINUX FLAW OPENS THE DOOR TO FULL ROOT ACCESS (RHE)
Solomon Peachy
pizza at shaftnet.org
Thu May 17 13:25:14 EDT 2018
On Thu, May 17, 2018 at 11:59:25AM -0400, leam hall via Ale wrote:
> > "Ayer added that the situation is a reminder for Linux teams and
> > developers of the ???frailty??? of shell scripts. Shell, a commonly
> > used programming language on Linux systems, is simply prone to
> > allowing these kinds of flaws to be coded, he said."
>
> Yeah, Ayer lost all credibility at that point.
No, he's completely correct. This flaw (and those of its class) would
not have been possible had that glue logic been implemented in just
about anything other than a shell script.
(That shell script basically took the DHCP results and used a shell
script to mash it up against a NetworkManager helper tool, which in
turn just makes a dbus invocation to notify NetworkManager of the
change. A more modern DHCP client would have just made the dbus call
directly)
- Solomon
--
Solomon Peachy pizza at shaftnet dot org
Coconut Creek, FL ^^ (email/xmpp) ^^
Quidquid latine dictum sit, altum videtur.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://mail.ale.org/pipermail/ale/attachments/20180517/eae9d424/attachment.sig>
More information about the Ale
mailing list