On Fri, 14 Aug 2009, Stefano Carucci wrote: > > Hello all. > > I would like to pose some questions on the type of attacks that SELinux offers a protection from. > > In particular: > 1. What are the type of attacks that are inhibited? The aim for the general case is to contain software vulnerabilities in userland code. Note that in commonly shipped general purpose policies, local login users are not confined by default; the emphasis is on locking down network facing services. > 2. What are those that are not, because not explicitly designed for, and may still affect the system? As mentioned, local login users are generally not confined by SELinux policy in Fedora-based systems, although this is a matter of policy design; it's not inherent to SELinux itself. There are some examples of confining local users, such as Kiosk Mode (install the xguest package), and work in this area generally is expected to continue. SELinux operates at the kernel level, so vulnerabilities in the kernel itself may reduce or disable the protection of SELinux. Other mechanisms are required to protect the kernel. > 3. Is there any countermeasure against DoS attacks? No. A lot of information on SELinux is available here: http://selinuxproject.org/page/User_Resources This is a very brief overview: http://www.slideshare.net/jamesmorris/lf-japan-08-talk -- James Morris <jmorris@xxxxxxxxx> -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
