Today, I received a letter from Charter Communications citing new 'enhancements' that they are planning on sending my way. In the body of the letter, they gave a basic description of deep packet inspection, and AD hijacking.

I have never been a satisfied customer with Charter, its the least reliable internet access that I have used in several years. This letter just adds to my disappointment.

After fooling around with one of my freshly installed, fully patched Fedora linux systems, I found a serious flaw in autofs's configuration file, which can lead to lead to a local user gaining root access without a password in an "out of the box install".

After looking further into the problem, I realized that this configuration vulnerability also affects a default load of CentOS 5 (which is a direct clone of RHEL 5, RedHat's current enterprise linux platform). Coupled with a common PHP script vulnerability, this flaw might even open the door for arbitrary code to be executed as root, from remote, on a webserver.

While /net seems like a nice little feature, it allows any user, with access minimal access on a system, to mount remote nfs filesystems. Is that really the type of power sysadmins need to give to their users?