Re: In defense of Mandatory Access Control,

[pageexec () freemail hu]

On 7 Apr 2009 at 12:47, yersinia wrote:

> There is someone that have already done it, other that write about
> this topic (
> http://etbe.coker.com.au/2007/10/10/how-se-linux-prevents-local-root-exploits/
> )

which part of

  (obviously not counting those that are not reachable due to kernel
  or policy configuration)."

did you not understand? or are you perhaps suggesting that those kernels
cannot be exploited because one can write a policy that maybe prevent two
bugs from being reachable and there are no other kernel bugs left in there?
will you please expose your own box to the net using this magic kernel? ;)

> Try the selinux play machine - it's only access is root with uid 0.
> http://www.coker.com.au/selinux/play.html

so what valuable data will one find on this machine? nothing? is that all that
SELinux is able to protect?

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave