Walsh: Introducing the SELinux Sandbox
Posted May 28, 2009 14:57 UTC (Thu) by hppnq
In reply to: Walsh: Introducing the SELinux Sandbox
Parent article: Walsh: Introducing the SELinux Sandbox
Why's it such a bad idea to make classes of vulnerabilities unexploitable and thus prevent someone from being able to take advantage of an applicable vulnerability for the purpose of arbitrary code execution in the kernel?
It is not a bad idea, although I can't see what you mean by "unexploitable". What I was trying to say is not rocket science, nor is it clouded in riddles.
I never talked about ruling out kernel bugs, you did.
Why on earth do you waste your time on this? Yes, I confess: I did mention ruling out kernel bugs. I invite you to read it again.
Anyway. That Usenix article about automated kernel patching was quite interesting, but also quite silly. Talk about academic pie-in-the-sky solutions. Talk about ruling out kernel bugs.