Re: Thank you, unknown genius!

Les Mikesell wrote:
Antonio Olivares wrote:

Les,

nspluginwrapper is there, and selinux is there as
well, what part of the code do you suggest is not
there.

I didn't think plugins were currently loaded by nspluginwrapper, and end users aren't likely to be able to set that up or develop suitable policies by themselves.

 > Selinux is there to protect you from malicious
websites that try to execute random code unto your
machine.

The question is, how does it know malicious code from what you want the browser to do?


I don't think it does know malicious code. Heuristic analysis often ends in false positives. It's based on permission, AFAIK, does it have permission to read or modify a particular file or directory. The bottom line is Firefox is difficult to confine. Browsers, after the users, are probably the weakest link in the security chain. One thing we as users should do is refuse to use unsafe code. I missed an episode of Battlestar Galactica so I hopped over to the website to watch it there, soon as I get to scifi.com I get this (edited for length):


 Summary:

 SELinux is preventing npviewer.bin from changing a writable memory segment
 executable.

 Detailed Description:

The npviewer.bin application attempted to change the access protection of memory
 (e.g., allocated using malloc). This is a potential security problem.
 Applications should not be doing this. Applications are sometimes coded
incorrectly and request this permission. The SELinux Memory Protection Tests (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to remove this requirement. If npviewer.bin does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application
 is fixed. Please file a bug report
 (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Nice to know SELinux is doing its job. I won't allow the access, even though I know how to go about it. Why? 'Cause it's not safe and I'll catch the rebroadcast tonight anyway. Allowing the access, in my opinion, just encourages this sort of coding. If people stop using a program until it can be proven to be safe (relatively) then the people who write them will either fix it or better yet start from scratch and write something the right way the first time, not that I think it was written with a security flaw on purpose but there it is.

Max
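
Added example, not part of the original post or thread: alerts like the one quoted above correspond to AVC denial records in the audit log, and the memory-protection checks described on the linked SELinux Memory Protection Tests page use the permissions execmem, execheap, execstack and execmod. This Python sketch groups such denials by program and domain so an administrator can see which applications request them; the sample records, the `legacyapp` name and the `example_*_t` type names are constructed for illustration.

```python
import re
from collections import defaultdict

# SELinux permissions that guard making memory executable.
MEM_PERMS = {"execmem", "execheap", "execstack", "execmod"}

# Matches the fields of an AVC denial record that this triage needs.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?\bcomm="(?P<comm>[^"]*)"'
    r'.*?\bscontext=(?P<scontext>\S+).*?\btclass=(?P<tclass>\S+)'
)

def memprot_denials(lines):
    """Return {(comm, source_domain): sorted list of denied memory permissions}."""
    found = defaultdict(set)
    for line in lines:
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record
        hits = MEM_PERMS & set(m.group("perms").split())
        if not hits:
            continue  # a denial, but not a memory-protection one
        # scontext is user:role:type[:level]; the type field is the domain.
        parts = m.group("scontext").split(":")
        domain = parts[2] if len(parts) > 2 else m.group("scontext")
        found[(m.group("comm"), domain)] |= hits
    return {key: sorted(perms) for key, perms in found.items()}

# Constructed sample records in audit.log AVC format (not taken from the thread).
SAMPLE = [
    'type=AVC msg=audit(1200000000.001:101): avc:  denied  { execmem } for  pid=4242 comm="npviewer.bin" scontext=user_u:system_r:example_plugin_t:s0 tcontext=user_u:system_r:example_plugin_t:s0 tclass=process',
    'type=AVC msg=audit(1200000000.002:102): avc:  denied  { execheap } for  pid=4242 comm="npviewer.bin" scontext=user_u:system_r:example_plugin_t:s0 tcontext=user_u:system_r:example_plugin_t:s0 tclass=process',
    'type=AVC msg=audit(1200000001.003:103): avc:  denied  { read } for  pid=900 comm="legacyapp" name="notes.txt" dev=sda1 ino=77 scontext=user_u:system_r:example_app_t:s0 tcontext=user_u:object_r:example_file_t:s0 tclass=file',
    'type=AVC msg=audit(1200000002.004:104): avc:  denied  { execmod } for  pid=900 comm="legacyapp" path="/opt/example/libold.so" dev=sda1 ino=78 scontext=user_u:system_r:example_app_t:s0 tcontext=user_u:object_r:example_lib_t:s0 tclass=file',
    'type=SYSCALL msg=audit(1200000002.004:104): arch=40000003 syscall=125 success=no exit=-13',
]

if __name__ == "__main__":
    for (comm, domain), perms in sorted(memprot_denials(SAMPLE).items()):
        print(f"{comm} ({domain}): denied {', '.join(perms)}")
```
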

