LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for July 2, 2009

RealtimeKit and the audio problem

VFAT patent avoidance and patent workarounds

LWN.net Weekly Edition for June 25, 2009

Apache attacked by a "slow loris"

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

System calls and rootkits

System calls and rootkits

Posted Sep 14, 2008 16:35 UTC (Sun) by spender (subscriber, #23067)
In reply to: System calls and rootkits by geertj
Parent article: System calls and rootkits

Yea, it worked great against that exploit I wrote that disabled SELinux.

Sorry, but once you compromise the kernel, SELinux is useless.

-Brad

(Log in to post comments)

System calls and rootkits

Posted Sep 22, 2008 11:40 UTC (Mon) by robbe (guest, #16131) [Link]

> that exploit I wrote that disabled SELinux.

URL?

> Sorry, but once you compromise the kernel, SELinux is useless.

Nobody will argue that. Not that your parent post talks about "running as
root", not "in the kernel".

System calls and rootkits

Posted Sep 22, 2008 20:49 UTC (Mon) by nix (subscriber, #2304) [Link]

If you're root there are a simply enormous number of ways to compromise
the kernel or DoS the box to its knees. Maybe SELinux will eventually be
able to plug them all but it's not there yet.

(I saw one product for Solaris many years ago whose salesman claimed that
it protected the box from denials of service under 'all conditions',
specifically including conditions requiring physical access. I disproved
this bizarreclaim in the obvious way: pulling the plug.)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds