Marko Randjelovic:
On Wed, 22 Jan 2014 12:24:27 +1100
Russell Coker russ...@coker.com.au wrote:
The possibility of LSM hooks being used to hide a kernel rootkit is
widely cited. But most sysadmins aren't going to find a kernel
rootkit anyway so using a non-LSM security system for that
Marko Randjelovic:
Octavio Alvarez alvar...@alvarezp.ods.org wrote:
I wouldn't worry about SELinux specifically.
As I already pointed out, there is something:
http://lists.debian.org/20140120005556.612de...@eunet.rs
And Russel Coker carefully explained in his reply to your mail why that
Kevin Olbrich:
Is SELinux disabled on new debian installs?
The SELinux packages are optional. The default kernel is configured so
that SELinux (or another LSM) can be enabled after the packages have
been installed.
Cheers,
Andreas
--
To UNSUBSCRIBE, email to
Bjoern Meier:
http://en.wikipedia.org/wiki/Security-Enhanced_Linux
I proposed this Debian Release Goal:
https://wiki.debian.org/ReleaseGoals/SELinux
Cheers,
Andreas
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
Marko Randjelovic:
SELinux security benefits are vague because it makes possible to
use it's hooks to add a backdoor which would be nearly impossible
to detect:
https://www.rsbac.org/documentation/why_rsbac_does_not_use_lsm
https://grsecurity.net/lsm.php
SELinux, AppArmor, Smack and
Hans-Christoph Steiner:
The crypto smartcard (aka Hardware Security Module) are some work to setup,
but not really all that much. And they are easy to use once setup. And they
provide a huge boost in the security of the certificate.
Such hardware also costs a significant amount of money. Are
David Gerard:
I would assume the recent JDK7 hole would also affect OpenJDK7, given
they're pretty much the same codebase.
But OpenJDK6 is based on OpenJDK7, cut down to pass JCK6. Has anyone
checked if OpenJDK6 is vulnerable?
CERT states this:
Systems Affected
Any system using Oracle
I found CVE-2013-0422 on the TODO list:
https://security-tracker.debian.org/tracker/status/todo
Cheers,
Andreas
---
Andreas Kuckartz:
David Gerard:
I would assume the recent JDK7 hole would also affect OpenJDK7, given
they're pretty much the same codebase.
But OpenJDK6 is based on OpenJDK7
8 matches
Mail list logo