On Fri, Mar 20, 2009 at 1:38 AM, justinmattock@xxxxxxxxx <justinmattock@xxxxxxxxx> wrote: > > Out of concern > How secure is ncurses base apps? > i.g. running alsamixer generates no avc's, > as well as alpine. > Well it all depends on what they are doing, and what you mean by secure, and how you want it contained. Most ncurses vulnerabilities seem to be text overflows that allow for the malware to run as the user that is exploited. Thus if there was an ncurses vulnerability AND an email was sent with said vulnerability, alpine could be used to over-write data as the context of the user. The fact that there are no avc's does not indicate security of the application if the application does not do anything that it wasn't supposed to do. [Attempting to prove a negative?] -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
