From: Alexei_Roudnev (Alexei_Roudnev_at_exigengroup.com)
Date: Tue Apr 10 2007 - 19:40:16 CEST
Message-ID: <177e01c77b97$4d47d5a0$6f31a8c0@sjc.exigengroup.com>
From: "Alexei_Roudnev" <Alexei_Roudnev@exigengroup.com>
Date: Tue, 10 Apr 2007 10:40:16 -0700
Subject: Re: [suse-sles-e] Security note: Multiple vulnerabilities in Suse ksh(93)

It is not low priority, but I don't know ANYONE who allows running *sh
without jailing or partitioning (and esp. on Linuxes - FreeBSD and
Solaris are safer in this way).
If someone has a user's account on my server, I always trust him in some way.
If I don't trust, I always jail this account (chroot, jail, and so on).
It has been an axiom for at least 10 years now. The number of _local_
vulnerabilities has never been 0 on any Unix / Linux (except maybe NetBSD).
----- Original Message -----
From: "Felix Schulte" <felix.schulte@gmail.com>
To: "Alexei_Roudnev" <Alexei_Roudnev@exigengroup.com>
Cc: <suse-sles-e@suse.com>
Sent: Tuesday, April 10, 2007 8:37 AM
Subject: Re: [suse-sles-e] Security note: Multiple vulnerabilities in Suse ksh(93)
> On 4/9/07, Alexei_Roudnev <Alexei_Roudnev@exigengroup.com> wrote:
> > These all are very low impact problems, because no one allows ksh access to
> > the users without FreeBSD jail or Solaris partitioning or SuSe XEN.
> I disagree. This is a high-priority problem which can be used to
> compromise a system via enhancing the current user's privileges. That's
> very bad.
> --
> _ Felix Schulte
> _|_|_ mailto:felix.schulte@gmail.com
> (0 0)
> ooO--(_)--Ooo
>
This archive was generated by hypermail 2.1.7 : Tue Apr 10 2007 - 21:46:56 CEST