We want to stop systemd from being added to docker images, because of rpm requiring systemctl.
h.reindl at thelounge.net
Tue Apr 29 20:41:38 UTC 2014
Am 29.04.2014 22:22, schrieb Chris Adams:
> Once upon a time, Reindl Harald <h.reindl at thelounge.net> said:
>> don't get me wrong but you are talking bullshit
> Put up or shut up
i shut when i say - not when you say
google as example for CVE-2014-0038 and as i already explained
you: a attacker has no shell, you have two ways to force a existing
local exploit by a web-application:
A: try to get a complete script on the machine and execute it
B: find a very likely present binary and bring it to do the
rest of the attack for you with arbitary input
if you find B it's much easier because pass unsanitized input
to a web-script calling system() with it is one thing,
find a way to create a local file with whatever input you like
and execute it finally is a complete different world and needs
much more than one security problem in the web-application
>> you can't download whatever you like to do in any random situation
>> and excutue it like in a sehll - if you have only *one command* through
>> a web application you need to achieve that this single command triggers
>> the whole attack surface down to the critical component giving you
>> root access
> If you can't explain how a non-privileged binary can result in a
> privilege escalation, then you are wrong. You need to go up-thread and
> read what I was responding to and show how it is wrong.
in case it don't sanitize user input, calling a already running
privileged process and feed it with arbitary input damend
do you really pretend that never happened in the past?
and no i do not get paied to seek archives for you!
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 246 bytes
Desc: OpenPGP digital signature
More information about the devel