From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id CD20513829C for ; Wed, 1 Jun 2016 07:11:38 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 9EA8314215; Wed, 1 Jun 2016 07:11:29 +0000 (UTC) Received: from smarthost01c.mail.zen.net.uk (smarthost01c.mail.zen.net.uk [212.23.1.5]) by pigeon.gentoo.org (Postfix) with ESMTP id 818AD224052 for ; Wed, 1 Jun 2016 07:11:28 +0000 (UTC) Received: from [81.108.251.46] (helo=mail.digimed.co.uk) by smarthost01c.mail.zen.net.uk with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1b80JL-000E2P-6q for gentoo-user@lists.gentoo.org; Wed, 01 Jun 2016 07:11:27 +0000 Received: from digimed.co.uk (fenchurch.digimed.co.uk [192.168.1.6]) by mail.digimed.co.uk (Postfix) with ESMTPA id 1E7EE46669F for ; Wed, 1 Jun 2016 08:11:26 +0100 (BST) Date: Wed, 1 Jun 2016 08:11:19 +0100 From: Neil Bothwick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] CoreOS vulnerability inherited from Gentoo? Message-ID: <20160601081119.7f7c5480@digimed.co.uk> In-Reply-To: <3181100.83d2K62WRd@dell_xps> References: <3181100.83d2K62WRd@dell_xps> Organization: Digital Media Production X-Mailer: Claws Mail 3.13.2-144-g3b6d06 (GTK+ 2.24.30; x86_64-pc-linux-gnu) X-GPG-Fingerprint: 7260 0F33 97EC 2F1E 7667 FE37 BA6E 1A97 4375 1903 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; boundary="Sig_/oJwA9blHQLs1yx_nZMrHRVv"; protocol="application/pgp-signature" X-Originating-smarthost01c-IP: [81.108.251.46] X-Archives-Salt: 5950c43e-7e5f-4e6b-853a-abe4d0afaadd X-Archives-Hash: c930387ab03363935a2b553b3627d33a --Sig_/oJwA9blHQLs1yx_nZMrHRVv Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Tue, 31 May 2016 18:44:10 +0100, Mick wrote: > > The operator user was not used by CoreOS, but existed because it > > exists in the Gentoo Portage system from which CoreOS is derived. > > > >=20 > > Full read [1]. It kinda shows that CoreOS is derived from Gentoo > > and not ChromeOS; at least when time to blame a security lapse > > elsewhere.... ChromeOS is based on Gentoo, so if CoreOS is based no ChromeOS it is a second generation Gentoo derivative. > Does this mean we need to do anything to improve the security of our > systems? The report seems to be saying that the problem is caused by using the Gentoo default config, which assumes a Gentoo environment. So it's fine on Gentoo. But it won't hurt to run glsa-check from time to time (my sync script does it every time and mails me if there's a problem). --=20 Neil Bothwick Everything else being equal, fat people use more soap. --Sig_/oJwA9blHQLs1yx_nZMrHRVv Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAldOipcACgkQum4al0N1GQNxQQCgymxniK5F2pyvOC3jivwj9AHD SjUAn1A9Qh6G98Gmql3KwOw52Gnfex5m =tCN5 -----END PGP SIGNATURE----- --Sig_/oJwA9blHQLs1yx_nZMrHRVv--