Execmem and SE LinuxExecmem and SE Linux
Eddy writes about problems getting the game oolite to run under SE Linux [1]. Strangely after I fixed the shared object issue with libffcall1 (as described in my previous post[...]
Category: Security
Lintian and Executable StacksLintian and Executable Stacks
Debian has a program called Lintian that is used to search for common bugs in Debian packages. When it encounters a package with a shared object that requests an executable[...]
How SE Linux Prevents Local Root ExploitsHow SE Linux Prevents Local Root Exploits
In a comment on my previous post about SE Linux and worms/trojans [1] a user enquired about which methods of gaining local root are prevented by SE Linux. A local[...]
Can SE Linux Stop a Linux StormCan SE Linux Stop a Linux Storm
Bruce Schneier has just written about the Storm Worm [1] which has apparently been quietly 0wning some Windows machines for most of this year (see the Wikipedia page for more[...]
Executable Stack and Shared ObjectsExecutable Stack and Shared Objects
When running SE Linux you will notice that most applications are not permitted to run with an executable stack. One example of this is libsmpeg0 which is used by the[...]
Reducing Automated AttacksReducing Automated Attacks
I read the logs from my servers. The amount of time I spend reading log summaries is determined by how important the server is. On the machines that are most[...]
Context of /dev/xvc0Context of /dev/xvc0
I have just converted a Fedora Core 5 server to a CentOS 5 Xen Dom0 with Fedora Core 5 as a DomU. The process took a little longer than expected[...]
Multiple Pointers in XMultiple Pointers in X
After having read Brice Goglin’s post about what to expect in X for Lenny [1] the thing that seemed most exciting is the support for Multi-Pointer X [2]. This allows[...]
ISP Password Change by Untrusted PeopleISP Password Change by Untrusted People
After dealing with Optus phone support [1] in regard to a routine request for a password change I have been thinking about better ways of managing password changes for a[...]
Is SE Linux only for Linux?Is SE Linux only for Linux?
I have just been asked for advice on whether SE Linux is Linux specific, and therefore whether code related to SE Linux should always be stored with other Linux specific[...]