On 6/13/26 12:04 AM, andy pugh wrote:
> I am planning to make a 2.9.9 release. Someone has got a bit excited
> that he has found a security vulnerability in LinuxCNC and has told
> Debian. It's already fixed[1] but needs pushing to Debian.

Ahem,... LinuxCNC is run as root and HAL will happily load any component
you want into RT and execute in a root environment. There is even an
"open as root" API call for RT. Anybody with access to the machine and
able to start LinuxCNC with a local ini-file pwns the machine by default.
Without knowing which "vulnerability" is meant here, but, I guess,
allowing to run LinuxCNC is the vulnerability?
--
Greetings Bertho
(disclaimers are disclaimed)