Re: SELinux - way of the future or good idea but !!!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Monday, November 29, 2010 08:50 PM, Marko Vojinovic wrote:

> Well, the kernel I used at the time had a known exploit (exploitable by some
> services I was running), and the intruder got advantage of that. Of course, it
> was partly my fault, because I didn't restart those machines for a long time,
> so the updated kernel wasn't running on them.
>
> So yes, I agree, if I took good care of the rest of the system nothing serious
> would have happened. But in this particular case SELinux saved my skin, since
> the third machine could take the load from the first two while these were
> kickstarted by a friend of mine... :-)
>

There is also the case of recently discovered exploits. Like the one in 
phpmysqladmin that was made known in September. Okay, the HQ chap was 
inept in allowing anybody to access phpmysqladmin imagining that the 
password protection was sufficient and at the same time allowing access 
to setup.php from anyone on the Net so he could have prevented it the 
whole thing in the first place without the protection of SELinux. But 
had he had SELinux running, it could have foiled the upload of the bot 
and subsequent execution.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux