Research
Skip Research Menus
Research MenuSecurity Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links |
SELinux Mailing ListRe: Japanese Document
From: Stephen Smalley <sds_at_tislabs.com>
Date: Thu, 20 Dec 2001 09:04:48 -0500 (EST)
On Thu, 20 Dec 2001, [ISO-2022-JP] $BA}ED(B $BE/<!(B wrote:
> My name is Tetsuji Masuda , I`m university student in Japan. First, you should upgrade to the latest SELinux release and apply all patches that have been posted on the mailing list since that release. The 2.4.9-based SELinux is quite old (August) and there have been many fixes and improvements since it was released. Download the latest release (based on 2.4.16) from http://www.nsa.gov/selinux/download2.html and then apply the following patches: http://marc.theaimsgroup.com/?l=selinux&m=100808452800605&w=2 http://marc.theaimsgroup.com/?l=selinux&m=100808453300620&w=2 http://marc.theaimsgroup.com/?l=selinux&m=100861319315772&w=2
> This is log of kon in /var/log/messages. I'm not familiar with the 'kon' command, but it appears that it tries to access the /dev/mem device. That has obvious security implications. If you really want to permit it to access this device, you'll need to put it into a domain with the corresponding permissions and put the "privmem" type attribute on the domain so that the assertion won't fail.
> Dec 17 14:20:27 pc07 kernel: Unable to handle kernel paging request at virtual address 66207369 Hmmm...This is a bug. I was initially assuming that it was something that we had already fixed since the 2.4.9 release, but in looking at the code, I see that this bug is still present in the current code. We'll get a patch out later today for the current (2.4.16) release. -- Stephen D. Smalley, NAI Labs ssmalley@nai.com -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Thu 20 Dec 2001 - 09:17:35 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |