Apparently (as analyzed by Joshua Brindle), SELinux with the commonly used policies prevents the latest exploit (the one using a race condition on /proc/self/environ).

Another way of preventing this would have been to mount /proc with “noexec, nosuid”. I wonder why that isn’t the default anyway?
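A way to check a host for the mount options mentioned above, as an added example that is not part of the original post. The function name `missing_proc_opts` and the two sample mount lines are constructed for illustration; input is expected in the `/proc/mounts` format.

```shell
#!/bin/sh
# Added example: list which of nosuid/noexec are missing from the /proc mount.
# Reads a mount table in /proc/mounts format on stdin:
#   device mountpoint fstype options dump pass
# Prints "ok", a comma-separated list of missing options, or "unmounted".
missing_proc_opts() {
    awk -v want="nosuid noexec" '
        # If several entries match, the last (most recent) one is used.
        $2 == "/proc" && $3 == "proc" { opts = $4; found = 1 }
        END {
            if (!found) { print "unmounted"; exit }
            n = split(opts, have, ",")
            for (i = 1; i <= n; i++) set[have[i]] = 1
            m = split(want, w, " ")
            out = ""
            for (i = 1; i <= m; i++)
                if (!(w[i] in set)) out = out (out == "" ? "" : ",") w[i]
            print (out == "" ? "ok" : out)
        }
    '
}

# Constructed sample mount lines (not taken from a real host).
weak='proc /proc proc rw,relatime 0 0'
hardened='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'

printf 'weak sample:     %s\n' "$(printf '%s\n' "$weak" | missing_proc_opts)"
printf 'hardened sample: %s\n' "$(printf '%s\n' "$hardened" | missing_proc_opts)"

# On a live system:
#   missing_proc_opts < /proc/self/mounts
# To apply the options to a running system:
#   mount -o remount,nosuid,noexec /proc
# To make them persistent, an /etc/fstab entry of this form:
#   proc  /proc  proc  defaults,noexec,nosuid  0  0
```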

It would be good to have more people work on Debian SELinux. Currently, I’m not aware of anyone working actively on Debian SELinux. So although it was called a “pet release goal” earlier, this seems very utopic to me right now. The SELinux toolchain has received some important fixes/features (modular policy linking should finally be working!) but these are not yet in unstable, nor has the reference policy package been updated recently.

Running SELinux on the main Debian servers probably is some work… there will be custom policy that needs to be written. It would however increase our security a lot, especially for boxes such as gluck that probably are our weakest point (because all developers need to be able to log in).

Sometimes I have the impression that I’m the only one running a Debian system with SELinux and the reference policy… and I’m still busy with my exams, and I don’t know yet if I’ll have more time afterwards (a 6-month thesis is next after the exams, and I’m actually thinking about some business opportunities, too…)