On Tuesday 31 May 2016 16:30:27 James wrote: > Here is an interesting read:: > > Security brief: CoreOS Linux Alpha remote SSH issue > May 19, 2016 ยท By Matthew Garrett > > <snippets> > > Gentoo defaults to ending the PAM configuration with an optional pam_permit. > > This meant that failing both pam_unix and pam_sss on CoreOS systems would > surprisingly result in authentication succeeding, and access being granted. > > The operator user was not used by CoreOS, but existed because it exists in > the Gentoo Portage system from which CoreOS is derived. > <end/snippets> > > Full read [1]. It kinda shows that CoreOS is derived from Gentoo > and not ChromeOS; at least when time to blame a security lapse elsewhere.... > > > enjoy, > James > > [1] https://coreos.com/blog/
Does this mean we need to do anything to improve the security of our systems? -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.
