Date: Fri, 21 Jul 2017 13:07:57 +0200
From: Nicolas RUFF <nicolas.ruff@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CoreOS membership to linux-distros (updated)

> A more recent, Android-centered presentation (http://kernsec.org/files/lss2015/vanderstoep.pdf) cites Wikipedia, stating that "[...] the security of an SELinux system depends primarily on the correctness of the kernel and its security-policy configuration", further highlighting the lack of in-depth research.

Not sure if we should derail this thread into a SELinux discussion,
but a friend of mine had a look lately and found dozens of
implementation issues (none of which got CVE assigned AFAIK):
https://github.com/SELinuxProject/selinux/commits?author=fishilico

Let's consider this one, it makes you wonder if this code has ever been run:

https://github.com/SELinuxProject/selinux/commit/1004a3b3f1885e3138b4818d222fc48930ea7461
- for (i = 0; i < j; j++)
+ for (i = 0; i < j; i++)
  semanage_module_info_destroy(sh, &(*modinfo)[i]);
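Review bot: In the corrected header "for (i = 0; i < j; i++)", confirm from the surrounding function that j counts only the entries of *modinfo that were actually initialized, because the body calls semanage_module_info_destroy on every index below it. In the removed line i never changes while j grows, so the body would keep acting on (*modinfo)[0] and the bound would move away from the index. A test that drives this cleanup path would catch that kind of slip, and a one-line comment stating what j holds at this point would help the next reader.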

Regards,
- Nicolas RUFF
