PIE/selinux security question.
Balint Cristian
rezso at rdsor.ro
Thu Oct 14 13:20:02 UTC 2004
Hi!

According to PIE randomization and to the fact that in FC1/FC2, and especially
the upcoming FC3, all network daemons are built with PIE, and according to the
fact that in FC3 we now have a ready-made targeted+enforced policy for daemons,
what possibility is still left to remotely exploit the daemons, supposing I
don't use any updates for years?

I do not have intrinsic glibc/kernel system knowledge; I have read about PIE
but still need strong advice that PIE+selinux can bring an unexploitable
system without requiring updates or tracking security lists for possible
vulnerabilities over time.

Can someone comment on this? I would like to hear some positive
experience from admins on this list with these facilities, especially how
calmly I can sleep at night without bothering about updates and other sec.
issues.

Are these facilities really something like the OpenBSD slogan: "Only one remote
hole in 7 years"?

Thanks in advance.
~cristian