Date: Fri, 21 Jul 2017 13:07:57 +0200
From: Nicolas RUFF <nicolas.ruff@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CoreOS membership to linux-distros (updated)

> A more recent, Android-centered presentation (http://kernsec.org/files/lss2015/vanderstoep.pdf) cites Wikipedia, stating that "[...] the security of an SELinux system depends primarily on the correctness of the kernel and its security-policy configuration", further highlighting the lack of in-depth research.

Not sure if we should derail this thread into a SELinux discussion,
but a friend of mine had a look lately and found dozens of
implementation issues (none of which got CVE assigned AFAIK):
https://github.com/SELinuxProject/selinux/commits?author=fishilico

Let's consider this one, it makes you wonder if this code has ever been run:

https://github.com/SELinuxProject/selinux/commit/1004a3b3f1885e3138b4818d222fc48930ea7461
- for (i = 0; i < j; j++)
+ for (i = 0; i < j; i++)
  semanage_module_info_destroy(sh, &(*modinfo)[i]);
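
Review bot: The corrected cleanup loop, for (i = 0; i < j; i++), should come with a regression test that drives this path with j > 0, since nothing visible here would have caught the original typo. With j++ as the step, i stayed at 0 while the bound grew, so the condition i < j never became false by normal counting and semanage_module_info_destroy was called over and over on (*modinfo)[0], leaving entries 1 through j-1 undestroyed. It would also help to say in the commit message which failure path reaches this loop, so the impact of the old behaviour can be assessed.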

Regards,
- Nicolas RUFF
