Would SELinux prevent that with the current policy?
Christoph Höger
choeger at cs.tu-berlin.de
Thu Jul 16 17:20:16 UTC 2009
Hi,
after looking at:
http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html
I wondered if SELinux would not be the right answer to those re-exec
exploits. I guess that pulseaudio should run as something like
pulseaudio_t which has all caps it needs.
Re-exec should not change that as pulseaudio does not need any
transformation of context.
So short question: Does it work that way?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20090716/a5e32bc6/attachment.sig>
More information about the fedora-selinux-list
mailing list