Message-ID: <5140.1187190778@turing-police.cc.vt.edu>
Date:	Wed, 15 Aug 2007 11:12:58 -0400
From:	Valdis.Kletnieks@...edu
To:	gshan <gshan@...atel-lucent.com>
Cc:	Bernd Eckenfels <ecki@...a.inka.de>, linux-kernel@...r.kernel.org
Subject: Re: do_coredump and O_NOFOLLOW

On Wed, 15 Aug 2007 16:03:39 +0800, gshan said:

> Bernd, Thanks for your reply. I don't think there are any hostile users 
> on the system. So it's relatively of security. I didn't hear of coreadm 
> tool before, Linux will become more powerful with coreadm.

Well, *right now* you don't have hostile users.  However, that can change, if a
user's password gets compromised (often because they left it on a stick-it note
on the monitor), or if somebody is running Firefox and accidentally hits a
malicious site that exploits a Firefox bug, or if one of your company's
employees didn't get the raise they wanted, so they're quitting and planning to
kill the system on their way out the door....

