Re: SELinux on Squeeze?
On Sat, 31 Dec 2011, Laurentiu Pancescu <lpancescu@googlemail.com> wrote:
> effective). I tested Exec-shield in Debian a few years ago, with and
> without SELinux, it makes a big difference:
I just did a quick test on an i386 system with PAE running a 686 Squeeze
kernel.
SE Linux enforcing vs permissive made no difference to paxtest results with a
default configuration. But when I was in enforcing mode and defined an
account with user_t as the default domain (instead of unconfined_t) the test
"Writable text segments" was no longer reported as vulnerable.
> I think now only grsecurity is available in Debian, providing similar
> functionality (it does much more than exec-shield, but it's also more
> intrusive - not sure if it's even possible to use SELinux at the same
> time). I don't mean this in a bad way, grsecurity seems to boost kernel
> security quite a bit:
The Gentoo guys integrated PAX and SE Linux. When you think of non-exec stack
and GRSecurity you are thinking of PAX.
> http://labs.mwrinfosecurity.com/notices/assessing_the_tux_strength_part_2_into_the_kernel/
Interesting article, it doesn't make Debian look good. :(
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/