Re: NSA software in Debian

2014-01-24 Thread Andreas Kuckartz
Marko Randjelovic: > On Wed, 22 Jan 2014 12:24:27 +1100 > Russell Coker wrote: > >> The possibility of LSM hooks being used to hide a kernel rootkit is >> widely cited. But most sysadmins aren't going to find a kernel >> rootkit anyway so using a non-LSM security system for that reason is >> trad

Re: NSA software in Debian

2014-01-22 Thread Andreas Kuckartz
Marko Randjelovic: > Octavio Alvarez wrote: >> I wouldn't worry about SELinux specifically. > > As I already pointed out, there is something: > http://lists.debian.org/20140120005556.612de...@eunet.rs And Russell Coker carefully explained in his reply to your mail why that approach does not help

Re: NSA software in Debian

2014-01-20 Thread Andreas Kuckartz
Kevin Olbrich: > Is SELinux disabled on new Debian installs? The SELinux packages are optional. The default kernel is configured so that SELinux (or another LSM) can be enabled after the packages have been installed. Cheers, Andreas -- To UNSUBSCRIBE, email to debian-security-requ...@lists.deb

Re: NSA software in Debian

2014-01-19 Thread Andreas Kuckartz
Marko Randjelovic: > SELinux security benefits are vague because it makes it possible to > use its hooks to add a backdoor which would be nearly impossible > to detect: > > https://www.rsbac.org/documentation/why_rsbac_does_not_use_lsm > https://grsecurity.net/lsm.php SELinux, AppArmor, Smack and

Re: NSA software in Debian

2014-01-19 Thread Andreas Kuckartz
Bjoern Meier: > http://en.wikipedia.org/wiki/Security-Enhanced_Linux I proposed this Debian Release Goal: https://wiki.debian.org/ReleaseGoals/SELinux Cheers, Andreas

Re: End-user laptop firewall available?

2013-12-08 Thread Andreas Kuckartz
Richard Owlett: > I chose phrasing of subject line to emphasize some peculiarities of my > needs. > > End-user emphasizes: > - I am *NOT* an expert > - my system is never intended to be a "server" > > Laptop indicates: > - small standalone system intended to operate primarily *WITHOUT* any

Re: SSL for debian.org/security?

2013-11-11 Thread Andreas Kuckartz
Hans-Christoph Steiner: > The crypto smartcards (aka Hardware Security Modules) are some work to set up, > but not really all that much. And they are easy to use once set up. And they > provide a huge boost in the security of the certificate. Such hardware also costs a significant amount of money. A

Re: Does JDK7 security hole affect OpenJDK6?

2013-01-17 Thread Andreas Kuckartz
I found CVE-2013-0422 on the TODO list: https://security-tracker.debian.org/tracker/status/todo Cheers, Andreas --- Andreas Kuckartz: > David Gerard: >> I would assume the recent JDK7 hole would also affect OpenJDK7, given >> they're pretty much the same codebase. >>

Re: Does JDK7 security hole affect OpenJDK6?

2013-01-17 Thread Andreas Kuckartz
David Gerard: > I would assume the recent JDK7 hole would also affect OpenJDK7, given > they're pretty much the same codebase. > > But OpenJDK6 is based on OpenJDK7, cut down to pass JCK6. Has anyone > checked if OpenJDK6 is vulnerable? CERT states this: "Systems Affected Any system using Oracl