On 2009-11-04 at 14:47 -0500, Shinji Ikari wrote:
I just saw it on /. but I haven't checked the sources, etc. But more than to me, it's of interest to the SysAdmins.
http://linux.slashdot.org/story/09/11/04/0320254/Bug-In-Most-Linuxes-Can-Giv... Untrusted-Users-Root?from=rss
I'm only just starting to read. What do you all think?
I haven't read the /. comments, but the original article explains the origin of the flaw, which points to a "design" flaw rather than a bug, although I don't know which is worse O:-)

***
(...) Comments that accompany Spengler's exploit code go on to detail statements Torvalds and other developers are said to have made in group emails discussing the bug.

"That does not look like a kernel problem to me at all," Torvalds is quoted as saying in one message. "He's running a setuid program that allows the user to specify its own modules. And then you people are surprised he gets local root?"

On that front, at least one security researcher agreed with the Linux team. "Setuid is well-known as a chronic security hole," Rob Graham, CEO of Errata Security wrote in an email. "Torvalds is right, it's not a kernel issue, but it is a design 'flaw' that is inherited from Unix. There is no easy solution to the problem, though, so it's going to be with us for many years to come."
***

Regards,

--
Camaleón