[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?



On Wed, Nov 18, 2009 at 5:18 PM, Jeff Garzik <jgarzik pobox com> wrote:
>
> You forget we have botnets doing distributed cracking now.

But...if you've cracked the root password, there are rather easier
(and less audited) routes to trojaning the system than adding a third
party yum repository and downloading your malicious RPM.

> And this enormous security hole of a policy change was done with next to
> /zero/ communication, making it likely that many admins will not even know
> they are vulnerable until their kids install a bunch of unwanted packages.

I think you are correct that the change could have been documented better.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]