Red Hat claims the 'grinch' issue isn't a Linux vulnerability

Linux 'flaw' is claimed a a perfectly normal feature by Red hat.

@smithymayo
Published Thu, Dec 18 2014 7:06 PM CST   |   Updated Tue, Nov 3 2020 12:11 PM CST

Alert Logic has recently informed the public of a "grinch" Linux vulnerability, but according to Red Hat - it's a perfectly normal thing.

Red Hat claims the 'grinch' issue isn't a Linux vulnerability | TweakTown.com

The official reply noted that "this report incorrectly classifies expected behavior as a security issue," through a Red Hat Bulletin released on Wednesday just one day after the report being made public. This was in response to Alert Logic claiming that this Grinch issue may be as large as the previously seen Heartbleed bug, noting that they believe it is a serious design flaw in how Linux handles user permissions.

The flaw is said to enable hackers the ability to gain root access to machines, with Alert Logic further claiming that this Grinch can be exploited through third-party Linux software framework such as Policy Kit. This Red Hat self-made software is listed as an open-source program, and set in place to allow users to install software easily - something that requires root access. If the hackers can take this program over for their own use, that's where much if the problem lies. However Linux doesn't think this is an issue, claiming that root access is how these programs are designed to work.

Jen Andre, co-founder of the Threat Stack security monitoring firm added "if you are trusting users to install any software on your system without a password by using software that leverages Policykit, you are inherently bypassing the authentication and access control built into Linux."

NEWS SOURCE:pcworld.idg.com.au

I'm a competitive gamer and was an eSports employee. Recent changes have seen me hang up the mouse and move over to the technology world, covering all news for TweakTown, ranging from gaming news to opinion articles and the latest tech releases. Expect to see a few different articles on international eSports news and competitive game releases, as well as audio and mobile device content.

Newsletter Subscription

Related Tags

Newsletter Subscription
Latest News
View More News
Latest Reviews
View More Reviews
Latest Articles
View More Articles