vmsplice Local Root Exploit
Alan Cox
alan at redhat.com
Mon Feb 11 11:27:14 UTC 2008
On Mon, Feb 11, 2008 at 11:16:04AM +0100, Valent Turkovic wrote:
> Just to clarify. I'm interested how safe is fedora in general with this
> king of exploits... and does my argument for not having selinux on
> desktop fedora cd versions is justified.
SELinux will stop a server exploit becoming a shell exploit becoming a root
exploit via this in many cases. If you've got SELinux running you can also
change the ruleset to say nobody running under SELinux can use vmsplice.
In that sense it offers something.
If your users run unconstrained and found out about it before you then it
won't materially help.
Alan
More information about the fedora-devel-list
mailing list