Expanding the list of "Hardened Packages"

Colin Walters walters at verbum.org
Mon Apr 15 14:25:02 UTC 2013


On Mon, 2013-04-15 at 09:12 +0100, Richard W.M. Jones wrote:

> which I interpret to mean that after using -fstack-protector-all and
> removing prelink, SELinux would become obsolete because no executable
> can be exploited.

No; there are plenty of exploits which aren't due to buffer overflows.
Particularly in the era of web applications; a lot of people just toss
up a Django or Ruby on Rails app, but it's *so* easy in those frameworks
to have a bug that allows arbitrary code execution in the context of the
service.

SELinux is a good match for these sorts of apps; we just don't
have the management tools and documentation to make it easy for web
application authors to use.



