Date: Fri, 21 Jul 2017 13:07:57 +0200 From: Nicolas RUFF <nicolas.ruff@...il.com> To: oss-security@...ts.openwall.com Subject: Re: CoreOS membership to linux-distros (updated) > A more recent, Android-centered presentation (http://kernsec.org/files/lss2015/vanderstoep.pdf) cites Wikipedia, stating that "[...] the security of an SELinux system depends primarily on the correctness of the kernel and its security-policy configuration", further highlighting the lack of in-depth research. Not sure if we should derail this thread into a SELinux discussion, but a friend of mine had a look lately and found dozens of implementation issues (none of which got CVE assigned AFAIK): https://github.com/SELinuxProject/selinux/commits?author=fishilico Let's consider this one, it makes you wonder if this code has ever been run: https://github.com/SELinuxProject/selinux/commit/1004a3b3f1885e3138b4818d222fc48930ea7461 - for (i = 0; i < j; j++) + for (i = 0; i < j; i++) semanage_module_info_destroy(sh, &(*modinfo)[i]); Regards, - Nicolas RUFF
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ