SELinux

[Takehiko Abe]

>> Just count the known incidents of such exploits. ZERO. No WMD.
>
> Hmmm.  Is that why we run it on our systems?  Just for the record I
> cannot discuss anything else, but believe me, the vulnerabilities
> and their exploits do exist.

The "such exploits" refers to buffer overrun type exploits (I don't
know the correct terminology). e.g. the flash exploit reported last
June -- the one that made 64-bit plugin discontinued. Mostly the web
based exploits.

They exploit certain bugs in application/library. But the exploitable
bugs are usually discovered and patched before any actual exploit
takes place. I know none that successfully exploited a linux system
and that is my "ZERO".