ryuko@lemmy.mltoAsklemmy@lemmy.ml•What do you think (this person's) username means, without looking it up?English
0·
2 years agoMine isn’t very interesting, but sure
not a weeb
trans rights 🏳️⚧️🏳️🌈
they/them
Mine isn’t very interesting, but sure
That’s a really interesting bypass; I wonder how this can be patched or mitigated considering the module is entirely loaded from memory. Short of setting noexec
on temporary directories, I can’t think of any quick short term fixes.
Edit: Re-read the blog post and looked at the Github repo for the code- looks like this is more of a proof of concept of a SELinux confine bypass, as the kernel needs to be compiled with CONFIG_SECURITY_SELINUX_DEVELOP
set. See the readme here, there’s some more notes that weren’t included in the blog post.
Not really, unless you’re a fan of the UI/UX changes.