clock riddle
Michal Jaegermann
michal at harddata.com
Tue Feb 24 17:58:13 UTC 2009
On Tue, Feb 24, 2009 at 10:47:57AM -0700, Michal Jaegermann wrote:
> On Tue, Feb 24, 2009 at 08:42:56AM -0500, Steve Grubb wrote:
> > On Tuesday 24 February 2009 01:40:40 am Gregory Maxwell wrote:
> > > This shouldn't have been sent to this list: It should have been filed
> > > as a confidential bug, it's CERT announcement material. I guess its
> > > too late now.
> >
> > Yes, I think so, too. From a security PoV, this creates a big problem in log
> > correlation.
>
> This is public as https://bugzilla.redhat.com/show_bug.cgi?id=450304
> for close to nine months now.
BTW - defaults are really trivial to fix and it is very easy to
repair that on any particular system. The problem is, of course,
that now you have to check every single one and changing defaults
with a help of polkit-action does not automatically revoke already
self-granted priviledges. The next headache.
Michal
More information about the test
mailing list