Red Hat claims the 'grinch' issue isn't a Linux vulnerability

Linux 'flaw' is claimed to be a perfectly normal feature by Red Hat.


Alert Logic has recently informed the public of a "grinch" Linux vulnerability, but according to Red Hat, it's a perfectly normal thing.

The official reply, issued in a Red Hat bulletin released on Wednesday, just one day after the report was made public, noted that "this report incorrectly classifies expected behavior as a security issue." This was in response to Alert Logic claiming that the Grinch issue may be as large as the previously seen Heartbleed bug, noting that they believe it is a serious design flaw in how Linux handles user permissions.

The flaw is said to give hackers the ability to gain root access to machines, with Alert Logic further claiming that Grinch can be exploited through third-party Linux software frameworks such as Policy Kit. This Red Hat self-made software is listed as an open-source program and is set in place to allow users to install software easily, something that requires root access. If hackers can take this program over for their own use, that's where much of the problem lies. However, Linux doesn't think this is an issue, claiming that root access is how these programs are designed to work.

Jen Andre, co-founder of the Threat Stack security monitoring firm, added, "if you are trusting users to install any software on your system without a password by using software that leverages Policykit, you are inherently bypassing the authentication and access control built into Linux."

NEWS SOURCE: pcworld.idg.com.au
