em configuration except the dedicated tools or an editor.
>
>> I'm writing a blog about it. When it is ready, I will also add a link to
>> this thread.
>
> Thanks. Please let us know about your work.
>
https://lukas-vrabec.com/index.php/2018/11/02/cve-2018-1
+1 SELinux and policy rules.
I open this. I don't start a "witch hunt" on specific topics.
I think the problem is still in working with SETID and SELinux rules.
(this is not the only way to solve the
https://fedoraproject.org/wiki/Features/RemoveSETUID)
Will be great if we know how applicati
> On Thu, Nov 01, 2018 at 04:33:21PM -0400, Adam Jackson wrote:
>
> If I understand this CVE correctly, it doesn't matter what X server is
> running (if any at all). It does matter what setuid-root Xorg binary is
> installed (or not).
+1
SELinux should block this kind of attack.
> On 11/1/18 5:08 PM, Cătălin George Feștilă wrote:
>
> SELinux can block the exploit if the "unconfined" module is disabled.
Same thoughts here. No main process (by user) should be allowed to overwrite
system configuration except the dedicated tools or an editor.
> I'm writing blog about it. W
On 11/1/18 5:08 PM, Cătălin George Feștilă wrote:
> Good to know.
> I don't know all about these problems (setuid and protect with
> SELinux - can be a good idea).
> I used F28, I think it is also not fixed with F29.
> $ ls -l /usr/libexec/Xorg.wrap
> -rwsr-xr-x. 1 root root 11376 Apr 23 2018
On Thu, Nov 01, 2018 at 04:33:21PM -0400, Adam Jackson wrote:
> On Thu, 2018-11-01 at 13:08 -0500, Chris Adams wrote:
> > Once upon a time, Jiri Eischmann said:
> > > I wonder if Fedora has even been affected. I was not able to reproduce
> > > the exploit on Fedora 29 Workstation (with Xorg older
On Thu, 2018-11-01 at 13:08 -0500, Chris Adams wrote:
> Once upon a time, Jiri Eischmann said:
> > I wonder if Fedora has even been affected. I was not able to reproduce
> > the exploit on Fedora 29 Workstation (with Xorg older than the one
> > fixing the issue).
>
> IIRC F29 Workstation uses Way
Once upon a time, Jiri Eischmann said:
> I wonder if Fedora has even been affected. I was not able to reproduce
> the exploit on Fedora 29 Workstation (with Xorg older than the one
> fixing the issue).
IIRC F29 Workstation uses Wayland, not X, right?
--
Chris Adams
On Thu, 2018-11-01 at 16:33 +0200, Cătălin George Feștilă wrote:
> https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html
Forgive me, it's been a stressful week.
https://bodhi.fedoraproject.org/updates/FEDORA-2018-839720583a
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4a
Chris Adams wrote on Thu, 01. 11. 2018 at 09:53 -0500:
> Once upon a time, Cătălin George Feștilă
> said:
> > Thank you!
> >
> > On Thu, Nov 1, 2018 at 4:38 PM Reindl Harald <
> > h.rei...@thelounge.net> wrote:
> >
> > >
> > > On 01.11.18 at 15:33, Cătălin George Feștilă wrote:
> > > > https://www.
Good to know.
I don't know all about these problems (setuid and protect with SELinux
- can be a good idea).
I used F28, I think it is also not fixed with F29.
$ ls -l /usr/libexec/Xorg.wrap
-rwsr-xr-x. 1 root root 11376 Apr 23 2018 /usr/libexec/Xorg.wrap
On Thu, Nov 1, 2018 at 5:44 PM Chris A
On Thu, Nov 01, 2018 at 04:33:47PM +0200, Cătălin George Feștilă wrote:
> https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html
https://bugzilla.redhat.com/show_bug.cgi?id=1643131
--
Tomasz Torcz "Never underestimate the bandwidth of a station
xmpp: zdzich...@c
Once upon a time, Cătălin George Feștilă said:
> Thank you!
>
> On Thu, Nov 1, 2018 at 4:38 PM Reindl Harald wrote:
>
> >
> >
> > On 01.11.18 at 15:33, Cătălin George Feștilă wrote:
> > > https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html
> >
> > https://fedoraproject.org
On 01/11/2018 14:33, Cătălin George Feștilă wrote:
https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html
Just sending a URL to the list is not very helpful - you need
to explain what you expect us to do with it, or what the question
is that you would like answered.
That CVE is
Thank you!
On Thu, Nov 1, 2018 at 4:38 PM Reindl Harald wrote:
>
>
> On 01.11.18 at 15:33, Cătălin George Feștilă wrote:
> > https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html
>
> https://fedoraproject.org/wiki/Features/RemoveSETUID
> Targeted release: Fedora 15
>
> ls -la
https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-cond