Date: Fri, 21 Jul 2017 13:07:57 +0200 From: Nicolas RUFF <nicolas.ruff@...il.com> To: oss-security@...ts.openwall.com Subject: Re: CoreOS membership to linux-distros (updated) > A more recent, Android-centered presentation (http://kernsec.org/files/lss2015/vanderstoep.pdf) cites Wikipedia, stating that "[...] the security of an SELinux system depends primarily on the correctness of the kernel and its security-policy configuration", further highlighting the lack of in-depth research. Not sure if we should derail this thread into a SELinux discussion, but a friend of mine had a look lately and found dozens of implementation issues (none of which got CVE assigned AFAIK): https://github.com/SELinuxProject/selinux/commits?author=fishilico Let's consider this one, it makes you wonder if this code has ever been run: https://github.com/SELinuxProject/selinux/commit/1004a3b3f1885e3138b4818d222fc48930ea7461 - for (i = 0; i < j; j++) + for (i = 0; i < j; i++) semanage_module_info_destroy(sh, &(*modinfo)[i]); Regards, - Nicolas RUFF
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.