SELinux and the bash exploit.
Miroslav Grepl
mgrepl at redhat.com
Fri Sep 26 11:07:20 UTC 2014
On 09/26/2014 09:03 AM, James Hogarth wrote:
>
>
> On 25 September 2014 22:40, Daniel J Walsh <dwalsh at redhat.com
> <mailto:dwalsh at redhat.com>> wrote:
>
> https://danwalsh.livejournal.com/71122.html
>
>
> Good article Dan ... it says clearly what I've been trying to drum
> into people's heads about the role it takes and how it confines the
> activity but an exploit that stays within the confines of that
> activity ... well it has to be allowed or else the standard activity
> would fail ;)
>
>
Yes. I also got a lot of questions how SELinux helps us with this
exploit. I believe SELinux helps as much as possible here how Dan wrote
in his blog.
Of course, there are also booleans to make a system with SELinux more
restrictive. Also confined users.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20140926/c836e898/attachment.html>
More information about the selinux
mailing list