selinux eradicator?
Jim Cornette
fc-cornette at insight.rr.com
Fri Jun 29 03:38:13 UTC 2007
Mike McCarty wrote:
>
> A machine running current SELinux implementation is provably
> less secure in some senses than one which is not.
>
From a very recent security update for httpd.
Update Information:
The Apache HTTP Server did not verify that a process was an
Apache child process before sending it signals. A local
attacker with the ability to run scripts on the Apache HTTP
Server could manipulate the scoreboard and cause arbitrary
processes to be terminated which could lead to a denial of
service (CVE-2007-3304). This issue is not exploitable on
Fedora if using the default SELinux targeted policy.
Just a passing example.
Jim
More information about the fedora-list
mailing list