2019-06-12 15:16:40 |
Jeremy Lounder |
description |
The 3rd party resources that are user provided get installed in /usr/local/bin which presents the ability for any user with attach-resource to put arbitrary files on the system for root to run.
To mitigate this, a white list needs to be included for resource installation and only resources with a hash that matches the approved white list will be installed. Specifically sha2 has been requested by an end user security team. |
The 3rd party resources that are user provided get installed in /usr/local/bin which presents the ability for any user with attach-resource to put arbitrary files on the system for root to run.
To mitigate this, a white list needs to be included for resource installation and only resources with a hash that matches the approved white list will be installed. Specifically sha256 has been requested by an end user security team. |
|
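
One way to enforce the SHA-256 white list requested in the description, as an added example that is not code from this bug report or from the project. The function names, the white list keyed by resource name, and the `dest_dir` parameter standing in for /usr/local/bin are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import shutil
import tempfile


def sha256_file(path, chunk_size=65536):
    """Stream the file through SHA-256 so large resources are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def install_resource(src, name, allowlist, dest_dir):
    """Install src as dest_dir/name only if its SHA-256 is approved for that name.

    allowlist maps resource name -> approved hex digest (assumed layout).
    Returns the installed path, or None when the resource is rejected.
    """
    # Reject names that could escape dest_dir (e.g. "../cron.d/x").
    if os.path.basename(name) != name or name in ("", ".", ".."):
        return None
    approved = allowlist.get(name)
    if approved is None:
        return None
    # Copy first, then hash the private copy: hashing src and copying afterwards
    # would let the uploader swap the file between the check and the install.
    fd, tmp = tempfile.mkstemp(dir=dest_dir, prefix=".pending-")
    try:
        with os.fdopen(fd, "wb") as out, open(src, "rb") as inp:
            shutil.copyfileobj(inp, out)
        actual = sha256_file(tmp)
        if not hmac.compare_digest(actual, approved.lower()):
            return None
        os.chmod(tmp, 0o755)
        final = os.path.join(dest_dir, name)
        os.replace(tmp, final)  # atomic rename within the same directory
        tmp = None
        return final
    finally:
        # Remove the pending copy whenever the install did not complete.
        if tmp is not None and os.path.exists(tmp):
            os.remove(tmp)
```

The white list itself has to live somewhere the users holding attach-resource cannot write, otherwise the check only moves the problem.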