Dailydave mailing list archives
Fedora 12 Fail
From: Dave Aitel <dave.aitel () gmail com>
Date: Wed, 18 Nov 2009 21:32:28 -0500
Probably the best Linux thread in months:
https://www.redhat.com/archives/fedora-devel-list/2009-November/msg00945.html

To sum it up, Fedora 12 is defaulting to "Any user can install any package from the repo and then exploit it to get root". So like, if the repo signs something hilarious like "bob's vulnerable FTP server.rpm", every Fedora 12 server is vulnerable. Unless you've uninstalled PolicyKit or something else esoteric.

It's awesome. Read the whole thread, as the GRSec team says, with a bag of popcorn.

There's no Linux security center of gravity. The closest is spender. But he can only keep you honest if you want to be kept honest.

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave