We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

Andrew Lutomirski luto at mit.edu
Tue Apr 29 19:36:59 UTC 2014


On Tue, Apr 29, 2014 at 12:33 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
> simple example:
>
> * binary XYZ is vulerable for privilege escalation

This makes no sense...

> * we talk about a *local* exploit until now

...I don't even know what you're trying to say here...

> * a bad configured webserver allows system-commands through a php-script
>   and i consider that you google for the /e modifier

...and this is already sufficient for a remote exploit.

Can we please move all discussion of "Zomg! This feature would take an
existing security hole and turn it into a security hole with exactly
the same impact" into its own thread or just stop it entirely?  All it
does is distract from real discussion.

--Andy


More information about the devel mailing list