[Beowulf] Heads up - Stack-Clash local root vulnerability

[Christopher Samuel]

On 22/06/17 06:54, mathog wrote:

> Most end user code would not need to be recompiled, since it does not
> run with privileges.

Ah, that's a very interesting point, the advisory doesn't explicitly
mention it but of course all the CVE's for applications (Exim, sudo, su,
at, etc) relate to to setuid binaries, plus this one:

- a local-root exploit against ld.so and most SUID-root binaries
  (CVE-2017-1000366, CVE-2017-1000379) on amd64 Debian, Ubuntu, Fedora,
  CentOS;

So yes, you are quite right, this (currently) doesn't seem like
something you need to worry about with users own codes being copied onto
the system or containers utilised through Shifter and Singularity which
exist to disarm Docker containers.

Phew, thanks so much for pointing that out! :-)

All the best,
Chris
-- 
 Christopher Samuel        Senior Systems Administrator
 Melbourne Bioinformatics - The University of Melbourne
 Email: samuel at unimelb.edu.au Phone: +61 (0)3 903 55545