On Fri, 03 Mar 2006, Loïc Minier wrote:
> On Fri, Mar 03, 2006, Henrique de Moraes Holschuh wrote:
> > True. But that requires a broken kernel, which we patch regularly as a
> > security procedure anyway. Mounting removable filesystems suid,dev allows a
> > lot more damage *by design* in the standard Linux security-model.
>
> And we also support avahi security-wise, and would patch it in the case
> of a known vulnerability.

Nobody ever implied that avahi is badly maintained. And unless mdns/avahi is somehow being shipped configured in such a way so as to allow for immediate local root privilege escalations, I don't think I understood the point you wanted to make.

I stated that the fact that a hypothetical kernel bug *also* allows for local root exploits through a nosuid,nodev removable filesystem does *not* excuse us to have removable filesystems being mounted suid,dev, which depending on the filesystem type allows for immediate local root privilege escalation, *by* *design*.

> Current Earth status: NOT DESTROYED

How fortunate, that ;-)

--
"One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
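
Added example, not part of the original message or of any Debian package: a small audit that reads a mount table in `/proc/mounts` format and reports removable filesystems mounted without `nosuid` or `nodev`, the configuration the message argues against. The sample mount lines, the set of devices treated as removable, and the function names are constructed for illustration; the sysfs `removable` lookup is a heuristic.

```python
import os

REQUIRED = ("nosuid", "nodev")

# Constructed sample in /proc/mounts format; not taken from a real system.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw,errors=remount-ro 0 0
/dev/sdb1 /media/usb0 ext2 rw 0 0
/dev/sdc1 /media/usb\\040stick vfat rw,nosuid,nodev,uid=1000 0 0
/dev/hdc /media/cdrom0 iso9660 ro,nosuid 0 0
"""

def unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as octal escapes.
    for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(esc, ch)
    return field

def sysfs_removable(device):
    # Heuristic: the kernel's "removable" attribute of the disk (or of the
    # partition's parent disk). Some USB hard disks report 0 here.
    node = os.path.realpath("/sys/class/block/" + os.path.basename(device))
    for d in (node, os.path.dirname(node)):
        try:
            with open(os.path.join(d, "removable")) as f:
                return f.read().strip() == "1"
        except OSError:
            continue
    return False

def audit(mounts_text, is_removable=sysfs_removable):
    """Return [(device, mountpoint, missing_options)] for removable mounts."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].startswith("/dev/"):
            continue  # skip malformed lines and pseudo-filesystems
        device, mountpoint, options = fields[0], unescape(fields[1]), fields[3].split(",")
        if not is_removable(device):
            continue
        missing = [opt for opt in REQUIRED if opt not in options]
        if missing:
            findings.append((device, mountpoint, missing))
    return findings

if __name__ == "__main__":
    # Constructed assumption: treat these sample devices as removable.
    sample_removable = {"/dev/sdb1", "/dev/sdc1", "/dev/hdc"}
    for dev, mnt, missing in audit(SAMPLE_MOUNTS, sample_removable.__contains__):
        print(f"{dev} on {mnt}: missing {','.join(missing)}")
```

On a live system, pass the contents of `/proc/mounts` to `audit()` and keep the default sysfs-based predicate.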