Dailydave mailing list archives

Re: Fedora 12 Fail


From: Michael Graham <jmgraham () gmail com>
Date: Wed, 18 Nov 2009 19:36:01 -0800

"I don't particularly care how UNIX has always worked." has already
turned into a new catchphrase around here.

On Wed, Nov 18, 2009 at 6:32 PM, Dave Aitel <dave.aitel () gmail com> wrote:
Probably the best Linux thread in months:
https://www.redhat.com/archives/fedora-devel-list/2009-November/msg00945.html

To sum it up, Fedora 12 is defaulting to "Any user can install any
package from the repo and then exploit it to get root". So like, if
the repo signs something hilarious like "bob's vulnerable FTP
server.rpm", every Fedora 12 server is vulnerable. Unless you've
uninstalled PolicyKit or something else esoteric. It's awesome. Read
the whole thread, as the GRSec team says, with a bag of popcorn.

There's no Linux security center of gravity. The closest is spender.
But he can only keep you honest if you want to be kept honest.

-dave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

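An audit check for the default described in the quoted message, as an added example that is not part of the original thread or of any Fedora or PolicyKit code: it lists package-management actions whose shipped PolicyKit defaults grant access with no authentication prompt. It assumes the polkit `.policy` XML layout (`<action id=...>` with a `<defaults>` element); the action ids and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the polkit .policy layout; the action ids are made up.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.example.pkg.install-signed">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.example.pkg.install-untrusted">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
  </action>
  <action id="org.example.pkg.refresh-cache">
    <defaults>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
</policyconfig>"""

SUBJECTS = ("allow_any", "allow_inactive", "allow_active")

def unauthenticated_actions(policy_xml, keywords=("install", "remove", "update")):
    """Return [(action_id, subject)] where the shipped default is 'yes'."""
    findings = []
    for action in ET.fromstring(policy_xml).iter("action"):
        action_id = action.get("id", "")
        if not any(k in action_id for k in keywords):
            continue  # only report actions that change installed software
        defaults = action.find("defaults")
        if defaults is None:
            continue  # no explicit defaults in this file, nothing to report
        for subject in SUBJECTS:
            value = (defaults.findtext(subject) or "").strip()
            if value == "yes":  # 'yes' means no password prompt at all
                findings.append((action_id, subject))
    return findings

if __name__ == "__main__":
    for action_id, subject in unauthenticated_actions(SAMPLE_POLICY):
        print(f"{action_id}: {subject}=yes (no authentication required)")
```

This reads only the defaults a package ships; local administrator overrides are not evaluated, so a finding means the out-of-the-box policy is permissive, not necessarily the effective one.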

