Hi, after looking at: http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html I wondered if SELinux would not be the right answer to those re-exec exploits. I guess that pulseaudio should run as something like pulseaudio_t which has all caps it needs. Re-exec should not change that as pulseaudio does not need any transformation of context. So short question: Does it work that way?
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil