[ale] CRITICAL LINUX FLAW OPENS THE DOOR TO FULL ROOT ACCESS (RHE)

A. P. Garcia a.phillip.garcia at gmail.com
Sun May 20 13:26:48 EDT 2018


On Thu, May 17, 2018, 4:53 PM Solomon Peachy via Ale <ale at ale.org> wrote:

> On Thu, May 17, 2018 at 03:52:26PM -0400, Raj Wurttemberg via Ale wrote:
> > Really?? I know that all of our network gear AND servers are static.  I
> only
> > use DHCP on client and WiFi networks.
>
> We had a master list of IP<->MAC addresses, and that was used to
> generate DNS/rDNS, DHCP tables, and kickstart configurations.  No
> hand-edited anything.  No accidentally using someone else's address or
> misconfiguring some other parameter.
>
> It meant everything got set up the same way, and didn't rely on being
> able to remotely access a system to make configuration changes
> (ala ansible/etc) that tend to go along with taking a system out of test
> into production.  (or flaky BMCs or network KVM switches!)
>
>  - Solomon
>

Ah, that sounds like a DIY solution, and a rather good one! Would you care
to share any design or implementation decisions and details?

Thank you,
Phil Garcia

>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20180520/08c3d23b/attachment.html>


More information about the Ale mailing list