On Mon, 2013-04-15 at 09:12 +0100, Richard W.M. Jones wrote:

> which I interpret to mean that after using -fstack-protector-all and
> removing prelink, SELinux would become obsolete because no executable
> can be exploited.

No; there are plenty of exploits which aren't due to buffer overflows.
Particularly in the era of web applications; a lot of people just toss
up a Django or Ruby on Rails app, but it's *so* easy in those frameworks
to have a bug that allows arbitrary code execution in the context of the
service.

SELinux is a good match for these sorts of apps; we just don't
have the management tools and documentation to make it easy for web
application authors to use.


-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
