Benjy Grogan wrote:
On 7/15/06, Dawid Gajownik <gajownik@xxxxxxxxx> wrote:
Dnia 07/15/2006 07:03 AM, Użytkownik Dave Jones napisał:
> There's another vulnerability that has been announced today, and
> another -stable got pushed out this evening.
You mean CVE-2006-3626? In this mail →
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047921.html
they suggest mounting /proc as nosuid. Could this be done by default in
FC6+ or does this break some things.
BTW SELinux can stop this attack →
http://www.redhat.com/archives/fedora-selinux-list/2006-July/msg00071.html
:D
Wow. That's great to know. There should be a list of every security
vulnerability that SELinux has stopped or limited. Maybe reported at
Fedoranews.org as they occur. You rarely hear about when SELinux does
what it was designed for.
I have send a note to the fedora news editor. We do carry information on
where SELinux has prevented or substantially reduced the severity of
the issue but these probably can be advertised better.
Examples can be found in
http://www.redhat.com/magazine/017mar06/features/riskreport/
http://people.redhat.com/mjc/metrics.html
Rahul
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
