Monthly Archives: July 2006

SELinux blocks CVE-2006-3626 (local privilege escalation)

Joshua Brindle has analyzed the recent /proc local privilege escalation vulnerability, CVE-2006-3626, and posted that SELinux targeted policy prevents exploitation.

It’d be an interesting and useful exercise to go back through historical vulnerabilities and determine how many of them would be mitigated by SELinux and similar technologies (Exec-shield, PIE etc.).

Mark Cox wrote an interesting paper, Risk Report: A year of Red Hat Enterprise Linux 4, which mentions that SELinux blocked the Lupper worm (also noting that the policy version shipped by default would not have blocked a modified version of the worm).

Update:
SELinux mitigation confirmed by SANS. They also mention mounting /proc as nosuid as a workaround.

SELinux changes in the 2.6.17 kernel

Here’s a summary of the SELinux-related changes in the recently released 2.6.17 kernel.

Alexey Dobriyan

Darrel Goeddel

Steve Grubb

Serge Hallyn

Dustin Kirkland

Ingo Molnar

James Morris

Jamal Hadi Salim

Stephen Smalley

Ron Yorston

Catherine Zhang

  • TCP/UDP getpeersec. This provides a mechanism for applications to determine the security context of peers they’re communicating with, via IPSec xfrm labeling. For TCP, there’s a new SO_GETPEERSEC option for getsockopt() which returns the peer security context. For UDP, the peer security context may be retrieved on a per-message basis after setting a new IP_PASSEC socket option, then accessing the value via CMSG auxiliary data.
  • Authorize deletion of IPSec/xfrm labeling policies.

LWN Linux kernel quality survey

LWN has created a survey to elicit feedback on the quality of the 2.6 kernel series. This is a really important opportunity for the kernel development community to obtain data on how the development process is working, so please consider taking the survey. The results will be presented at the kernel summit by Jon Corbet.