On Mon, Oct 24, 2016 at 9:35 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
>
> On 10/21/2016 06:20 PM, Robert Lee wrote:
> > Given the unpleasant nature of CVE-2016-5195, would an SELinux confined
> > application that exploited the Dirty COW vulnerability be capable also
> > of escaping domain enforcement?
> >
> > Hopefully my question is not ambiguous.
> >
> > Thanks in advance.
>
> Sorry, SELinux can't help with CVE-2016-5195.
>
> _______________________________________________
> Selinux mailing list
> Selinux@xxxxxxxxxxxxx
> To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
> To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.

Couldn't SELinux help reduce the attack surface? From the small amount of
testing I have conducted, it looks like the attacker is required to be able
to read the file or object they are trying to manipulate. If MAC denies
read, the attack doesn't work, right?

Please let me know if I'm mistaken.

--
Judd Meinders
Sr. Software Security Engineer
e. judd.meinders@xxxxxxxxxxxxxxxxxxx
p. 319-263-1875