|
Dailydave
mailing list archives
Re: In defense of Mandatory Access Control,
From: pageexec () freemail hu
Date: Wed, 08 Apr 2009 00:37:02 +0200
On 7 Apr 2009 at 12:47, yersinia wrote:
There is someone that have already done it, other that write about
this topic (
http://etbe.coker.com.au/2007/10/10/how-se-linux-prevents-local-root-exploits/
)
which part of
(obviously not counting those that are not reachable due to kernel
or policy configuration)."
did you not understand? or are you perhaps suggesting that those kernels
cannot be exploited because one can write a policy that maybe prevent two
bugs from being reachable and there are no other kernel bugs left in there?
will you please expose your own box to the net using this magic kernel? ;)
Try the selinux play machine - it's only access is root with uid 0.
http://www.coker.com.au/selinux/play.html
so what valuable data will one find on this machine? nothing? is that all that
SELinux is able to protect?
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
 By Date 
By Thread
Current thread:
| 
