On 11/2/18 7:01 AM, Raphael Groner wrote: >> On 11/1/18 5:08 PM, Cătălin George Feștilă wrote: >> >> SELinux can block the exploit if the "unconfined" module is disabled. > > Same thoughts here. No main process (by user) should be allowed to overwrite > system configuration except the dedicated tools or an editor. > >> I'm writing blog about it. When it will be ready, I add link also to >> this thread. > > Thanks. Please let us know about your work. >
https://lukas-vrabec.com/index.php/2018/11/02/cve-2018-14665-xorg-x-server-vulnerabilities-vs-selinux/ > Regards, Raphael > _______________________________________________ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org