Another kernel NULL pointer vulnerability
Posted Aug 15, 2009 9:36 UTC (Sat) by jamesmrh (guest, #31622)
In reply to: Another kernel NULL pointer vulnerability by MarkWilliamson
Parent article: Another kernel NULL pointer vulnerability
The SELinux policy in RHEL5 for unconfined domains (i.e. local logged-in users) has no check. Eric's changes will allow the MAC and DAC checks to be properly separated, so SELinux policy can't override DAC in this case. (See Eric's blog entry; it has a much more thorough explanation.)
Posted Aug 15, 2009 14:34 UTC (Sat) by jimmybgood (guest, #26142)
Having patched my kernel to 2.6.30.4 in July, this exploit would not run, with vm reporting that the page couldn't be mapped.
The problem is that SELinux is too difficult to configure, forcing even quite knowledgeable sysadmins to rely on canned distro configurations, which may or may not be suitable for their particular need. In many situations (where WINE was needed), SELinux _was_ doing the right thing.
The same can be said of the hal, console-kit and policykit consortium. I'd feel more comfortable with an X server running as root than the new unprivileged X, with hal and friends. The only way I can configure hal is to google a magic invocation and cross my fingers. I'll bet we'll see major exploits using hal, ck and/or pk coming soon.
I'm not sure what the solution is. My workaround is to avoid any security solution that I can't comfortably configure and feel that I understand fully what I'm doing. That's never been the case with SELinux. I know there's a parser that will look at the logs and give you a configuration snippet, but I don't know how it works and so I don't trust it.
Posted Aug 15, 2009 16:15 UTC (Sat) by nix (subscriber, #2304)