Recent bash vulnerability and SELinux containment
Dmitry Makovey
dmitry at athabascau.ca
Thu Sep 25 17:37:57 UTC 2014
Hi everybody,
while the whole "bash"-storm is gaining force is it reasonable to
develop SELinux policy prohibiting bash invocations from daemons'
contexts to have access to anything but a tiny sandbox? Has anybody
attempted such thing?
--
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245
---
Confidence is what you have before you understand the problem
Woody Allen
When in trouble when in doubt run in circles scream and shout
http://www.wordwizard.com/phpbb3/viewtopic.php?f=16&t=19330
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 173 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20140925/cac0c15d/attachment.sig>
More information about the selinux
mailing list