On Fri, 14 Aug 2009, Stefano Carucci wrote: > > > Two further questions: > > 1. Does SELinux provide any countermeasure against buffer overflows attacks? Here's some information on memory protection checks which may be controlled via SELinux policy: http://people.redhat.com/drepper/selinux-mem.html > 2. I read about the possibility of keeping processes from forking. > Wouldn't you consider this as a protection from DoS attacks? That could be effective in this case (as would resource limits), but SELinux is not generally designed to counteract DoS attacks. - James -- James Morris <jmorris@xxxxxxxxx> -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
