Walsh: Introducing the SELinux Sandbox
Walsh: Introducing the SELinux Sandbox
Posted May 29, 2009 19:08 UTC (Fri) by Arach (guest, #58847)In reply to: Walsh: Introducing the SELinux Sandbox by hppnq
Parent article: Walsh: Introducing the SELinux Sandbox
> You keep seeing things black and white. So to you, with the right kernel
> patch (grsecurity, I presume) in place, things become "unexploitable" at
> one end of the spectrum, while one vulnerablity in SCTP blows away
> SELinux completely at the other end of the spectrum.
> patch (grsecurity, I presume) in place, things become "unexploitable" at
> one end of the spectrum, while one vulnerablity in SCTP blows away
> SELinux completely at the other end of the spectrum.
Brad was talking about making a *single* class of bugs unexploitable *by design* (with hardware-enforced restrictions of memory management), not about any "things" becoming unexploitable ever.