Re: [Openvpn-devel] OpenVPN 2.1_rc19 released

2009-07-29 Thread Sebastien Raveau
ch as GRSecurity and RSBAC). > No need to discuss this further. I get your point. Ok :-) -- Sebastien Raveau

Re: [Openvpn-devel] OpenVPN 2.1_rc19 released

2009-07-28 Thread Sebastien Raveau
apply a SELinux context if setcon() is available... I'll have to disagree with you. Not that I reject the idea of enforcing security measures by default, but because when you google for "selinux howto", half of the first-page results are on how to *disable* SELinux. Apparently not everybody likes it, and they have a right to, so I believe we should not force it upon them :-) Kind regards, -- Sebastien Raveau

Re: [Openvpn-devel] OpenVPN 2.1_rc19 released

2009-07-28 Thread Sebastien Raveau
ogether to gain root shell access on a vulnerable system. >> >> SELinux will make it more difficult, as it is even more tricky to disable >> the SELinux control mechanism on the way. >> >> >> Kind regards, >> >> David Sommerseth >> >> >

Re: [Openvpn-devel] OpenVPN 2.1_rc19 released

2009-07-28 Thread Sebastien Raveau
009 at 10:18 AM, Alon Bar-Lev wrote: > Do that. > But as in this case OpenVPN does not run under a privileged account at > any time, you can do this simply without any selinux code in VPN. > > On Tue, Jul 28, 2009 at 11:12 AM, Sebastien > Raveau wrote: >> On Tue, Jul 28, 2009

Re: [Openvpn-devel] OpenVPN 2.1_rc19 released

2009-07-28 Thread Sebastien Raveau
n be countered with SELinux (and equivalents such as GRSecurity, RSBAC, LIDS etc) basically by applying access control on system calls. Kind regards, -- Sebastien Raveau

Re: [Openvpn-devel] OpenVPN 2.1_rc19 released

2009-07-28 Thread Sebastien Raveau
Hi! Pardon me for asking but... I see you guys talking about a new release candidate, and I am still without news about my contribution to OpenVPN that I submitted one month ago: http://article.gmane.org/gmane.network.openvpn.devel/2700 Is there something wrong about it? -- Sebastien Raveau

[Openvpn-devel] [PATCH] Post-initialization SELinux support for OpenVPN

2009-06-28 Thread Sebastien Raveau
only be added if detected by ./configure * libselinux is so common now that even /bin/ls is linked against it on most Linux systems so OpenVPN should get SELinux support quite transparently ;-) Best regards, -- Sebastien Raveau Information Warfare Consultant http://blog.sebastien.raveau.name/