[ale] CRITICAL LINUX FLAW OPENS THE DOOR TO FULL ROOT ACCESS (RHE)
Solomon Peachy
pizza at shaftnet.org
Sun May 20 20:56:08 EDT 2018
On Sun, May 20, 2018 at 08:33:45PM -0400, Steve Litt via Ale wrote:
> So I let others say it. And isn't it interesting that the botched
> shellscript and systemd are from the same folks, and they're the folks
> who have no problem at all with bringing complexity to GNU/Linux (soon
> to be systemd/Linux).
Nevermind this bug predates systemd's existence, isn't the first time
it's happened [1], and this particular issue (and the entire class)
wouldn't have occurred had systemd's networking infrastructure been in
use.
I get you don't like systemd, but please, stick to the actual facts?
[1] ISC DHCP has an extensive history of security holes [2] [3] [4] [5],
to say nothing of stuff distros have added to the pile.
[2] https://www.cvedetails.com/vulnerability-list/vendor_id-64/product_id-17706/ISC-Dhcp.html
[3] https://www.cvedetails.com/vulnerability-list/vendor_id-64/product_id-610/ISC-Dhcp-Client.html
[4] https://www.cvedetails.com/vulnerability-list/vendor_id-64/product_id-2017/ISC-Dhcpd.html
[5] Those lists are more than two years out of date; there have been at
least three more ISC DHCP CVEs since then, including two in 2018.
- Solomon
--
Solomon Peachy pizza at shaftnet dot org
Coconut Creek, FL ^^ (email/xmpp) ^^
Quidquid latine dictum sit, altum videtur.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://mail.ale.org/pipermail/ale/attachments/20180520/4595da86/attachment.sig>
More information about the Ale
mailing list