Re: [PATCH 0/4] Harden dmidecode
From: Jerry Hoemann
Subject: Re: [PATCH 0/4] Harden dmidecode
Date: Tue, 7 Feb 2023 23:28:30 -0700
User-agent: Mutt/1.10.1 (2018-07-13)
On Tue, Feb 07, 2023 at 03:27:52PM +0100, Jean Delvare wrote:
> The following project was brought to my attention:
>
> https://github.com/adamreiser/dmiwrite
>
> The project demonstrates how a very permissive sudo configuration can
> let an attacker abuse dmidecode for privilege escalation. While it
> doesn't exploit any bug in dmidecode, I still consider this a serious
> issue as apparently such permissive sudo configurations can be found in
> the wild.
>
> Therefore, I decided to add some security hardening to dmidecode to
> prevent system administrators from shooting themselves in the foot.
> Hopefully the restrictions I'm adding should not affect regular users
> of dmidecode who are using this tool for its intended purpose.
Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
>
> --
> Jean Delvare
> SUSE L3 Support
--
-----------------------------------------------------------------------------
Jerry Hoemann Software Engineer Hewlett Packard Enterprise
-----------------------------------------------------------------------------