[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?



On 11/18/2009 06:12 PM, Richard Hughes wrote:
2009/11/18 Eric Christensen<eric christensenplace us>:
Has anyone drafted a notice to go out on the Announce List explaining
this vulnerability?  If admins don't know to fix/remove PK then they are
putting their systems at risk.

I'm really bored of this conversation. The bikeshed is blue. There are
much bigger problems in UNIX security than installing signed packages.
We don't set a grub password by default.

Signed does not mean bug-free.

Further, observe the broken logic:

"Because local users might be able to break into the system with effort, it is pointless to have any safeguards at all."

[firefox|pidgin] exploit + PackageKit == trivial remote exploit.

	Jeff




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]