Proof is in the pudding
Trevor Hemsley
trevor.hemsley at ntlworld.com
Fri May 17 01:32:12 UTC 2013
On 17/05/13 01:03, Douglas Brown wrote:
> Hi all,
>
> You may have seen this vulnerability talked about
> recently: http://arstechnica.com/security/2013/05/critical-linux-vulnerability-imperils-users-even-after-silent-fix/
>
> After a long time of evangelising about SELinux to my sceptical
> colleagues, this seemed like the perfect opportunity to test it.
>
> We tried the exploit with SELinux in permissive mode and it worked, then
> in enforcing and SELinux prevented it! Not that I'm surprised, but it's
> nice to have a real-world exploit to demonstrate.

Unfortunately, whatever you tested was not this.

$ ls -la sem*
-rwxrwxr-x. 1 trevor trevor 10007 May 14 13:39 semtex
-rw-rw-r--. 1 trevor trevor 2488 May 14 13:39 semtex.c
$ getenforce
Enforcing
$ uname -a
Linux hostname 2.6.32-358.6.1.el6.x86_64 #1 SMP Tue Apr 23 19:29:00 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
$ ./semtex
2.6.37-3.x x86_64
sd at fucksheep.org 2010
-sh-4.1#

Sorry.

Trevor