On 06/05/2020 12.02, haaber wrote:
>> did any of you actually bother to look at the problem?
>> because i am 99% sure this doesnt apply to qubes. at all.
>> (also you are several days late on this...)
>>
>> this seems to be the original source and contains a fairly
>> good writeup:
>>
>> https://labs.f-secure.com/advisories/saltstack-authorization-bypass
>
> Thanks for the source. How do you infer that this "doesn't apply" (and
> maybe "did never apply") to qubes? Recall my question: where does salt
> appear "under the hood" in qubes? This question seems relevant, since at
> least I (almost) never invoke salt by hand. Is that not a reasonable
> question? Explain.
>
No Salt master in Qubes -> no remoting exploit.
--
Rudd-O
http://rudd-o.com/
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/5a58f9ab-de85-c992-6e9b-207cfc524211%40rudd-o.com.
