[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: vmsplice Local Root Exploit



On Mon, Feb 11, 2008 at 11:16:04AM +0100, Valent Turkovic wrote:
> Just to clarify. I'm interested how safe is fedora in general with this 
> king of exploits... and does my argument for not having selinux on 
> desktop fedora cd versions is justified.

SELinux will stop a server exploit becoming a shell exploit becoming a root
exploit via this in many cases. If you've got SELinux running you can also 
change the ruleset to say nobody running under SELinux can use vmsplice.

In that sense it offers something.

If your users run unconstrained and found out about it before you then it
won't materially help.

Alan


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]