Dailydave mailing list archives
Re: Fedora 12 Fail
From: Kees Cook <kees () ubuntu com>
Date: Thu, 19 Nov 2009 12:20:58 -0800
On Wed, Nov 18, 2009 at 09:32:28PM -0500, Dave Aitel wrote:
To sum it up, Fedora 12 is defaulting to "Any user can install any package from the repo and then exploit it to get root". So like, if
I've seen variations on this sentence get repeated in a few places and I think it's valuable to point out it should read as "Any _local_ user..." (where "local" is defined by console-kit[1] -- see "ck-list-sessions" command). This makes it a smaller scope of problem, but it should not discourage anyone from reading the bug report anyway: https://bugzilla.redhat.com/show_bug.cgi?id=534047 -Kees [1] http://www.freedesktop.org/software/ConsoleKit/doc/ConsoleKit.html#Session:is-local -- Kees Cook Ubuntu Security Team _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Fedora 12 Fail Dave Aitel (Nov 18)
- Re: Fedora 12 Fail Michael Graham (Nov 18)
- Re: Fedora 12 Fail dan (Nov 19)
- Re: Fedora 12 Fail Kees Cook (Nov 19)
- Re: Fedora 12 Fail Michael Graham (Nov 18)