[Dailydave] In defense of Mandatory Access Control,
pageexec at freemail.hu
pageexec at freemail.hu
Tue Apr 7 18:37:02 EDT 2009
On 7 Apr 2009 at 12:47, yersinia wrote:
> There is someone that have already done it, other that write about
> this topic (
> http://etbe.coker.com.au/2007/10/10/how-se-linux-prevents-local-root-exploits/
> )
which part of
(obviously not counting those that are not reachable due to kernel
or policy configuration)."
did you not understand? or are you perhaps suggesting that those kernels
cannot be exploited because one can write a policy that maybe prevent two
bugs from being reachable and there are no other kernel bugs left in there?
will you please expose your own box to the net using this magic kernel? ;)
> Try the selinux play machine - it's only access is root with uid 0.
> http://www.coker.com.au/selinux/play.html
so what valuable data will one find on this machine? nothing? is that all that
SELinux is able to protect?
More information about the Dailydave
mailing list