|
|
Log in / Subscribe / Register

Walsh: Cool things with SELinux... Introducing sandbox -X

Walsh: Cool things with SELinux... Introducing sandbox -X

Posted Sep 18, 2009 14:44 UTC (Fri) by hppnq (guest, #14462)
In reply to: Walsh: Cool things with SELinux... Introducing sandbox -X by PaXTeam
Parent article: Walsh: Cool things with SELinux... Introducing sandbox -X

Oh, you mean you could have picked any 0day that the Linux kernel is vulnerable to, to show that the SELinux sandbox would not prevent against this kind of attack, and that actual security has more to do with solving this problem than considering why one would be running performance counters on a system where untrusted users are lining up to disarm SELinux?

That is enlightening.

to post comments

Walsh: Cool things with SELinux... Introducing sandbox -X

Posted Sep 18, 2009 15:15 UTC (Fri) by PaXTeam (guest, #24616) [Link]

regarding who will or will not be running with PERF_COUNTERS: your guess is as good as mine about what distros will do once they begin to release .31+ kernels. but given the apparent need for more 'live analysis' everywhere from servers to desktops, i would place my bet on them enabling this feature as well so the majority of linux users will actually have it enabled.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds