Tresys corporation is tracking some of the known vulnerabilities in the past that SELinux has thwarted.
You can read about them at
One key feature of SELinux is the confinement of executable memory. This tops applications from having memory that is both executable and writable at the same time. A lot of attacks on computer software involve a coding mistake in code that allows the writing of memory beyond the end of an allocated buffer, called a buffer overflow. So a cracker find a piece of code that allocates less space then the code can write. The cracker tricks the application to writing his data into the overflowed buffer. Finally he attempts to get the application to execute the buffer that he has just written. SELinux executable memory checks in the kernel prevent this.
While we have attempted to turn these checks on for the unconfined user in the past, we have had missed success, because of badly written applications breaking. But for almost all confined applications these checks are turned on. So if a vulnerability exists in a confined application that involves a buffer overflow, most likely SELinux will prevent it.
Dan Walsh's Blog
- So does SELInux really stop any attacks?