Daniel J Walsh wrote:
> So this exploit, don't you need to write to /proc? xguest_t should
> not be allowed to do this?

No, you don't need to be able to write to /proc to exploit the bug.
Having read access to /proc/kallsyms just makes things a little easier
for the attacker. Removing the address of selinux_enforcing from kallsyms
doesn't stop the attack, it just makes the attacker work a little harder.

Note that the modified exploit that uses kallsyms to find the address
of vmsplice and then opens /dev/kmem read/write to do its work would
be stopped by SELinux.

 - todd