
oss-sec mailing list archives

Re: Re: two systemtap flaws: CVE-2011-2502 and CVE-2011-2503
From: Tavis Ormandy <taviso () cmpxchg8b com>
Date: Thu, 28 Jul 2011 12:19:23 +0200

Huzaifa Sidhpurwala <huzaifas () redhat com>

> On 07/28/2011 03:34 PM, Tavis Ormandy wrote:
>
> > Interesting, I also looked at systemtap and found a local root
> > (CVE-2010-4170), but was under the impression we had agreed it should be
> > restricted to a privileged group?
> >
> > I stopped looking because I concluded that had eliminated any security
> > risk, is that no longer the case?
>
> I believe this does reduce the risk, but does not totally eliminate it.

Oh I see, the group restriction is still in place, but you still support
adding unprivileged users to the group?

Understood, I think that sounds reasonable.


taviso () cmpxchg8b com | pgp encrypted mail preferred
