[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

PIE/selinux security question.



Hi 1
 Acording to PIE randomization and to the fact that in FC1/FC2 especialy 
upcoming FC3 have all network daemons builded with PIE and acording to fact 
that in FC3 we now have ready made targeted+enforced policy for daemons, what 
posibility is still left if supose i dont use any updates for years for 
daemons to remote exploit it ?
 
 I am not an intrinsyc glibc/kernel system knowledger, readed about PIE but 
still need an strong advice that PIE+selinux can bring an unexploitable 
system without requiring updates or track security list for posible 
vulnerabilities in time.

 Can comment someone on this ? I would like to hear something positive 
experience from admins on this list with these facilities, especialy how calm 
can i sleep in the night dont bothering about updates and other sec. isues.

Are realy these facilities something like OpenBSD slogan: "Only one remote 
hole in 7 years"

Thanks in advance.

~cristian


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]