The Call for Papers for the 2007 SELinux Symposium has been announced. Submissions close on October 9th.
The symposium will be held in Baltimore again, from March 12-16, 2007.
Joshua Brindle has analyzed the recent /proc local privilege escalation vulnerability, CVE-2006-3626, and posted that SELinux targeted policy prevents exploitation.
It’d be an interesting and useful exercise to go back through historical vulnerabilities and determine how many of them would be mitigated by SELinux and similar technologies (Exec-shield, PIE etc.).
Mark Cox wrote an interesting paper, Risk Report: A year of Red Hat Enterprise Linux 4, which mentions that SELinux blocked the Lupper worm (also noting that the policy version shipped by default would not have blocked a modified version of the worm).
Update: SELinux mitigation confirmed by SANS. They also mention mounting /proc as nosuid as a workaround.
Here’s a summary of the SELinux-related changes in the recently released 2.6.17 kernel.
Alexey Dobriyan
Darrel Goeddel
Steve Grubb
Serge Hallyn
Dustin Kirkland
Ingo Molnar
James Morris
Jamal Hadi Salim
Stephen Smalley
Ron Yorston
Catherine Zhang
LWN has created a survey to elicit feedback on the quality of the 2.6 kernel series. This is a really important opportunity for the kernel development community to obtain data on how the development process is working, so please consider taking the survey. The results will be presented at the kernel summit by Jon Corbet.