[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] [Dailydave] R. RHEL, RHCS, and Selinux : hype, reality or dream?

To: yersinia <yersinia.spiros@xxxxxxxxx>
Subject: Re: [Full-disclosure] [Dailydave] R. RHEL, RHCS, and Selinux : hype, reality or dream?
From: Marco Ermini <marco.ermini@xxxxxxxxx>
Date: Fri, 9 Oct 2009 16:28:43 +0200

2009/9/9 yersinia:
> So it seems that it is not necessary to be a clever hacker as spender to
> disable SELinux on a system (http://grsecurity.net/~spender/exploit.txt).
> Just follow the directions of the vendor. This one require to disable
> selinux for the proper function of one of its HA products, after years that
> the same vendor was critical with commercial product, o badly compiled open
> source for SELINUX execmem o textreloc issue,  because they require the
> same.
[...]

It is just necessary to install an updated SELinux policy to make the
RH Cluster work with SELinux.

https://bugzilla.redhat.com/attachment.cgi?id=348662

I guess the fault is mainly in the vendor documentation...


Cheers
-- 
Marco Ermini
root@human # mount -t life -o ro /dev/dna /genetic/research
http://www.linkedin.com/in/marcoermini
"Jesus saves... but Buddha makes incremental back-ups!"

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Attack pattern selection criteria for IPS products
Next by Date: Re: [Full-disclosure] When is it valid to claim that a vulnerability leads to a remote attack?
Previous by thread: [Full-disclosure] [ MDVSA-2009:263 ] sympa
Next by thread: Re: [Full-disclosure] When is it valid to claim that a vulnerability leads to a remote attack?
Index(es):
- Date
- Thread