Originally Posted by konst
Actually, SELinux is a access control mechanism. GRsecurity prevents actually prevents unknown bugs from being exploited plus it has an access control mechanism. You can actually use both GRsecurity and SELinux together.
Im aware that flash/java/mono do the same thing (flash being the most dangerous in my opinion). I'm not sure they have root access like the Nvidia driver has which is more dangerous.
I wonder what the NVidia driver has to write code for performance reasons. Java and mono have decreased performance when they have to write code but that's a different situation.
This is one of the reasons why the Nvidia specs and driver should be open source.
Yes I know what selinux is an how it works it is an access control mechanism but it can be set up to prevent an app from doing anything (including executing code).
After that you have rules to allow the app the actions it has to do.
And no the opengl libs should never run as root unless you start an opengl app as root.