On 22/06/17 06:54, mathog wrote: > Most end user code would not need to be recompiled, since it does not > run with privileges.
Ah, that's a very interesting point, the advisory doesn't explicitly mention it but of course all the CVE's for applications (Exim, sudo, su, at, etc) relate to to setuid binaries, plus this one: - a local-root exploit against ld.so and most SUID-root binaries (CVE-2017-1000366, CVE-2017-1000379) on amd64 Debian, Ubuntu, Fedora, CentOS; So yes, you are quite right, this (currently) doesn't seem like something you need to worry about with users own codes being copied onto the system or containers utilised through Shifter and Singularity which exist to disarm Docker containers. Phew, thanks so much for pointing that out! :-) All the best, Chris -- Christopher Samuel Senior Systems Administrator Melbourne Bioinformatics - The University of Melbourne Email: sam...@unimelb.edu.au Phone: +61 (0)3 903 55545 _______________________________________________ Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
