|
Message-ID: <CAN0s7yQTf4iP1ee54dsjbEj=B+WsiwEzJ_o89tLeq2iNpBmm1g@mail.gmail.com> Date: Wed, 17 Dec 2014 19:15:10 +0200 From: Elad Alfassa <elad@...oraproject.org> To: oss-security@...ts.openwall.com Subject: Re: What is the "Grinch" polkit/wheel group issue? This is not a vulnerability, this is expected behaviour. On Wed, Dec 17, 2014 at 7:00 PM, Marcus Meissner <meissner@...e.de> wrote: > > Hi, > > This probably needs a CVE too, or does it have one? > > https://www.alertlogic.com/blog/dont-let-grinch-steal-christmas/ > > http://www.pcworld.com/article/2860032/this-linux-grinch-could-put-a-hole-in-your-security-stocking.html > > Although it seems that the user is in the "wheel" group for this to be > exploitable > and is hard to specify what actions should be safed by another query or > which should not. > > Ciao, Marcus > -- -Elad Alfassa.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.