LWN.net Logo

Advertisement

ThinLinc Terminal Server

Advanced thin client solution for Linux, based on Open Source. Mix Windows and Linux, with hardware accelerated OpenGL!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for July 2, 2009

RealtimeKit and the audio problem

VFAT patent avoidance and patent workarounds

LWN.net Weekly Edition for June 25, 2009

Apache attacked by a "slow loris"

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Security-Enhanced Fedora Core 2

Security-Enhanced Fedora Core 2

Posted Jan 15, 2004 14:45 UTC (Thu) by ballombe (subscriber, #9523)
Parent article: Security-Enhanced Fedora Core 2

> Even if an attacker is successful in obtaining superuser privileges (as
> was the case in the recently compromised Debian machines), the attacker
> will not be able to modify the critical parts of the system - there is
> no such thing as "chmod 777" on a SELinux system.

It has been shown that the Debian compromise was due to the kernel brk
exploit that was not blocked by the use of SE Linux or other kernel
security patch.

This exploit lead not to super-user priviledge but to kernel-level
priviledge, as does the new mremap() exploit. This allows to bypass
SE Linux entirely.

The LWN had made high-quality articles on this the story so I am suprised
to see here a statement that seems to imply SE Linux would have prevented
the Debian compromise.

(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds