James Morris - SELinux blocks Apache DoS vulnerability
SELinux blocks Apache DoS vulnerability|
A recent Apache vulnerability, where a remote attacker can cause httpd to send a signal to an arbitrary process and potentially crash it, is mitigated by SELinux targeted policy (as installed by default in RHEL5 and F7). Of course, even if you have SELinux enabled, it's good defence-in-depth1 to ensure the underlying vulnerabilities are fixed.
Advisories: RHEL5, F7.
1Here's a useful reference page on Fedora Security Features.
|Date:||July 1st, 2007 07:19 pm (UTC)|| |
Really blocks? You can't kill other apache processes with that policy?