[ale] CRITICAL LINUX FLAW OPENS THE DOOR TO FULL ROOT ACCESS (RHE)
A. P. Garcia
a.phillip.garcia at gmail.com
Sun May 20 13:26:48 EDT 2018
On Thu, May 17, 2018, 4:53 PM Solomon Peachy via Ale <ale at ale.org> wrote:
> On Thu, May 17, 2018 at 03:52:26PM -0400, Raj Wurttemberg via Ale wrote:
> > Really?? I know that all of our network gear AND servers are static. I
> only
> > use DHCP on client and WiFi networks.
>
> We had a master list of IP<->MAC addresses, and that was used to
> generate DNS/rDNS, DHCP tables, and kickstart configurations. No
> hand-edited anything. No accidentally using someone else's address or
> misconfiguring some other parameter.
>
> It meant everything got set up the same way, and didn't rely on being
> able to remotely access a system to make configuration changes
> (ala ansible/etc) that tend to go along with taking a system out of test
> into production. (or flaky BMCs or network KVM switches!)
>
> - Solomon
>
Ah, that sounds like a DIY solution, and a rather good one! Would you care
to share any design or implementation decisions and details?
Thank you,
Phil Garcia
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20180520/08c3d23b/attachment.html>
More information about the Ale
mailing list