Craig White wrote:
Bruno is noting that the current methods of exploitation tend to be web pages, Flash, Java, and media files, and a firewall isn't going to be of much help with this type of intrusion, but SELinux clearly could be a layer of use here.
Does it actually prevent browser plugins from doing things that the running user can't do in the default configuration?
Yes, disabling SELinux is certainly always possible, and in fact quite easy to do, but that doesn't mean that it's the best choice possible.
On the other hand, if you have a limited amount of time it might be better spent getting the simple layers right than on learning a complex add-on layer that is still new enough that you can expect bugs.
-- Les Mikesell lesmikesell@xxxxxxxxx