Re: Thank you, unknown genius!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Bruno Wolff III wrote:

Bruno is noting that the current methods of exploitation tend to be web
pages, flash, java, media files and a firewall isn't going to be of much
help with this type of intrusion but selinux clearly could be a layer of
use here.
Does it actually prevent browser plugins from doing things that the running user can't do in the default configuration?

Yes.

I thought plugins ran as libraries within the same process. SELinux can prevent them from loading which isn't particularly useful. How can it control separately what a plugin can do without breaking the browser's own ability to it?

Yes, disabling SELinux is certainly always possible, and in fact quite
easy to do but that doesn't mean that it's the best choice possible.
On the other hand, if you have a limited amount of time it might be better spent getting the simple layers right than on learning a complex add-on layer that is still new enough that you can expect bugs.

I don't like having to trust Firefox (that's without plugins).

What do you like to trust?

> That code
virtually has to have some bugs that will allow running arbitrary code
as the user.

As opposed to some imaginary code that doesn't have bugs?

I think people are crazy to us propietary plugins. As events
have shown, not only to corpoartions make mistakes with their code they
also intentionally make it doing stuff hostile to the user.

As opposed to some imaginary source of programs that never makes mistakes and never has any self-serving agenda?

Having SELinux
be able to help with this stuff would be very nice.

And of course it would be nice if SELinux itself was part of this imaginary code that never has mistakes and can't have a self-serving agenda that we don't know about. But then it would already be doing everything you want.

--
  Les Mikesell
   lesmikesell@xxxxxxxxx


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux