How secure SElinux for user_u and exec off is ?

Support for security such as Firewalls and securing linux
Post Reply
bryn1u
Posts: 40
Joined: 2010/04/09 15:38:07
Contact:

How secure SElinux for user_u and exec off is ?

Post by bryn1u » 2018/07/22 20:11:08

Hey guys,

Im want to configure server based of course on Centos 7. Im still wondering how SElinux can protect against some exploits/bufferoverflow etc.
I made a test with PaXTest with user mapped and unmapped to user_u.
getsebool:

Code: Select all

selinuxuser_execheap --> on
selinuxuser_execmod --> on
selinuxuser_execstack --> on
blackhat
The attachment Centos_blackhat.png is no longer available
kiddie
The attachment Centos_kiddie.png is no longer available
And getsebool:

Code: Select all

selinuxuser_execheap --> off
selinuxuser_execmod --> off
selinuxuser_execstack --> off
blackhat
Centos_blackhat.png
Centos_blackhat.png (171.88 KiB) Viewed 1271 times
For kiddie i can't add image :( but results are the same as above.
As u can see there are many diffrences and what do you think about it mean exploits etc...

Post Reply