[DSE-Dev] looking for help testing selinux/kernel security fix
dannf at debian.org
Tue Oct 20 21:42:53 UTC 2009
We have a new kernel security update in preparation which includes the
* selinux: prevent local users from bypassing mmap_min_addr
in unconfined domains (CVE-2009-2695)
These fixes are pretty well described here and in the blog entries it
Is there someone on this list who can test this kernel in an SELinux
environment for me? Builds for most architectures are available here:
http://kernel.debian.net/debian lenny-proposed-security updates main
Sorry, this archive is not signed - but these files are hosted on
alioth if you'd rather scp.
A good test would be to bump /proc/sys/vm/mmap_min_addr to 4096 and
try and start dosemu as an unconfined user (this should fail), and to
verify that it does work if mmap_min_addr is 0 (the current
default). I'm an SELinux novice, so there maybe other useful tests you
can think up.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 190 bytes
Desc: Digital signature
More information about the SELinux-devel