skp51443 Posted January 11, 2015 Report Share Posted January 11, 2015 I couldn't resist this one, sure hope you aren't running Red Star Linux as it has some issues. :-)http://www.theregister.co.uk/2015/01/11/surprise_norks_linux_disto_has_security_vulns/SURPRISE: Norks Linux disto has security vulns ---- (Nork = North Korean in British slang)Red Star turns into death star Well, that didn't take long: mere days after North Korea's Red Star OS leaked to the west in the form of an ISO, security researchers have started exposing its vulnerabilities.According to this post at Seclists, the udev rules in version 3.0 of the US and the rc.sysint script in version 2.0 are both world-writable. Both of these have root privilege.Because of the slack file permission management in Red Star 3.0, the device manager for HP 1000-series LaserJet printers, /etc/udev/rules.d/85-hplj10xx.rules, can be modified to include RUN+= arguments. These commands will run on on the udev daemon as root. There's a demonstration at github. Maybe Sony can get their revenge before a patch comes out? (Too soon?) First rule of computer consulting: Sell a customer a Linux computer and you'll eat for a day. Sell a customer a Windows computer and you'll eat for a lifetime. Link to comment Share on other sites More sharing options...
wa_desert_rat Posted January 11, 2015 Report Share Posted January 11, 2015 Maybe Sony can get their revenge before a patch comes out? (Too soon?) Maybe they're not as sophisticated as we have been led to believe. I also heard rumors that their "nuclear bomb" was actually a regular bomb wrapped in radioactive material; a "dirty" bomb not a nuclear bomb. WDR 1993 Foretravel U225 with Pacbrake and 5.9 Cummins with Banks 1999 Jeep Wrangler, 4" lift and 33" tires Raspberry Pi Coach Computer Ham Radio Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.