[DSE-Dev] looking for help testing selinux/kernel security fix

dann frazier dannf at debian.org
Tue Oct 20 21:42:53 UTC 2009

We have a new kernel security update in preparation which includes the
following fix:

  * selinux: prevent local users from bypassing mmap_min_addr
    in unconfined domains (CVE-2009-2695)

These fixes are pretty well described here and in the blog entries it


Is there someone on this list who can test this kernel in an SELinux
environment for me? Builds for most architectures are available here:

  http://kernel.debian.net/debian lenny-proposed-security updates main

Sorry, this archive is not signed - but these files are hosted on
alioth if you'd rather scp.

A good test would be to bump /proc/sys/vm/mmap_min_addr to 4096 and
try and start dosemu as an unconfined user (this should fail), and to
verify that it does work if mmap_min_addr is 0 (the current
default). I'm an SELinux novice, so there maybe other useful tests you
can think up.

dann frazier
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20091020/26c07489/attachment.pgp>

More information about the SELinux-devel mailing list