[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SELinux on Squeeze?



On 12/31/11 13:00 , Russell Coker wrote:
On Sat, 31 Dec 2011, Laurentiu Pancescu<lpancescu@googlemail.com>  wrote:
effective). I tested Exec-shield in Debian a few years ago, with and
without SELinux, it makes a big difference:
I just did a quick test on an i386 system with PAE running a 686 Squeeze
kernel.
I just tested this as well (without SELinux), after remembering that, even on current processors with NX support in hardware, the NX bit only works if PAE is enabled. The bigmem, xen and amd64 kernels gave pretty much the same results as I had back then with exec-shield and SELinux. paxtest reported everything as vulnerable with the "default" Debian kernel.
http://labs.mwrinfosecurity.com/notices/assessing_the_tux_strength_part_2_i
nto_the_kernel/
Interesting article, it doesn't make Debian look good.  :(

Perhaps they tested Debian with the default kernel, instead of bigmem. My bigmem results look similar to Ubuntu, although Debian doesn't have AppArmor. Hardened Gentoo is pretty impressive, though.


Reply to: