Posted Nov 26, 2004 4:38 UTC (Fri) by spender
In reply to: Civilizing SELinux
Parent article: Civilizing SELinux
When can we expect to see Fedora fix their information leaking glibc that makes arbitrary code execution trivial for suid apps?
When can we expect to see the Fedora project implement their own quality assurance that would prevent the frequent crop of problems involving marking PT_GNU_STACK on libraries where it is unnecessary, silently removing any NX protection for all processes that load the libraries?
When can we expect RedHat developers, when presented with bugs of the above type in their poorly engineered distribution by users of PaX/grsecurity, to fix the mentioned bugs, instead of completely dismissing them without even understanding them?
How about a little less SELinux hype, and a little more time spent on understanding security? It's clear RedHat is more interested in buzzwords and making a mockery of people involved in real security research. The longer you continue your propaganda machine, telling your users that "crypto-signed modules stop rootkits" and "SELinux turns a potential system compromise into WORST CASE modified DNS replies," the more you are lulling them into a false sense of security.
Let's not tell the users about kernel exploits (which are more prevalent now than bugs in suid apps) or how easy it is to execute arbitrary code on a default Fedora install, because our image as great pioneers in the field of security (which has amounted to cheap ripoffs of code present 3 years prior to RedHat ever entering the game) is much more important than the security of our users.
I've also wondered why RedHat is so unnecessarily anal on the side of access control to be using SELinux, but so overwhelmingly lax on the side of stopping exploits in the first place to be using Exec-Shield. This conflict is confusing to me, as it seems the latter is more important.
Immunity has exploits that work *reliably* against Fedora with Exec-Shield. Of course, as Immunity doesn't release exploits, your precious image won't be tainted, which is what you really care about, right? Want to bet that if someone were to send a mail to FD and Bugtraq demanding that Fedora fix their information leaking glibc that they've refused to fix for months now, it would be fixed? Why do you think that is? It's easy to blow off your security problems as long as they hide in your bug tracking system, outside of the view of the general public.
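The PT_GNU_STACK marking the comment refers to can be audited per library by reading the ELF program headers. The following is an added example, not part of the original comment or of any distribution's tooling; `gnu_stack_state` and `sample_elf` are hypothetical names, and the sample images are constructed.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header type that carries stack permissions
PF_X = 0x1                 # execute bit in p_flags

def gnu_stack_state(data: bytes) -> str:
    """Return 'exec', 'noexec' or 'missing' for the PT_GNU_STACK marking."""
    if data[:4] != b"\x7fELF" or len(data) < 6:
        raise ValueError("not an ELF image")
    if data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("bad EI_CLASS or EI_DATA")
    is64, end = data[4] == 2, "<" if data[5] == 1 else ">"
    try:
        if is64:   # ELF64: e_phoff at 0x20, e_phentsize/e_phnum at 0x36
            (phoff,) = struct.unpack_from(end + "Q", data, 0x20)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
            flags_off = 4    # p_flags follows p_type
        else:      # ELF32: e_phoff at 0x1C, e_phentsize/e_phnum at 0x2A
            (phoff,) = struct.unpack_from(end + "I", data, 0x1C)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
            flags_off = 24   # p_flags is the seventh 32-bit field
        for i in range(phnum):
            base = phoff + i * phentsize
            (p_type,) = struct.unpack_from(end + "I", data, base)
            if p_type == PT_GNU_STACK:
                (flags,) = struct.unpack_from(end + "I", data, base + flags_off)
                return "exec" if flags & PF_X else "noexec"
    except struct.error:
        raise ValueError("truncated ELF image")
    return "missing"  # no marker present; the loader's default applies

def sample_elf(is64: bool, p_type: int, p_flags: int) -> bytes:
    """Constructed input: little-endian ELF header plus one program header."""
    if is64:
        ehdr = bytearray(0x40)
        ehdr[:6] = b"\x7fELF\x02\x01"
        struct.pack_into("<Q", ehdr, 0x20, 0x40)
        struct.pack_into("<HH", ehdr, 0x36, 56, 1)
        phdr = struct.pack("<II", p_type, p_flags) + bytes(48)
    else:
        ehdr = bytearray(0x34)
        ehdr[:6] = b"\x7fELF\x01\x01"
        struct.pack_into("<I", ehdr, 0x1C, 0x34)
        struct.pack_into("<HH", ehdr, 0x2A, 32, 1)
        phdr = struct.pack("<I", p_type) + bytes(20) + struct.pack("<I", p_flags) + bytes(4)
    return bytes(ehdr + phdr)

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. every shared object shipped in a package
        with open(path, "rb") as f:
            print(f"{gnu_stack_state(f.read()):8} {path}")
```

Run over the shared objects in a package set, any `exec` result is a library that requests an executable stack and is worth checking against whether it actually needs one.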