--- Les Mikesell <lesmikesell@xxxxxxxxx> wrote: > Rahul Sundaram wrote: > > > >>>>> Bruno is noting that the current methods of > exploitation tend to be > >>>>> web > >>>>> pages, flash, java, media files and a firewall > isn't going to be of > >>>>> much > >>>>> help with this type of intrusion but selinux > clearly could be a > >>>>> layer of > >>>>> use here. > >>>> Does it actually prevent browser plugins from > doing things that the > >>>> running user can't do in the default > configuration? > >>> > >>> Yes. > >> > >> I thought plugins ran as libraries within the > same process. SELinux > >> can prevent them from loading which isn't > particularly useful. How can > >> it control separately what a plugin can do > without breaking the > >> browser's own ability to it? > > > > I already gave you the link earlier. > Nspluginwrapper is installed by > > default which can run plugins in a separate memory > address making it > > possible to confine it by policy. If a flash > plugin tries to access > > files under .ssh for example, SELinux policy can > prevent that as a > > obvious violation. > > That hasn't been released yet has it? Are there > policies that actually > do something useful that are known not to break > anything? > > -- > Les Mikesell > lesmikesell@xxxxxxxxx > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: > https://www.redhat.com/mailman/listinfo/fedora-list > Les, nspluginwrapper is there, and selinux is there as well, what part of the code do you suggest is not there. Selinux is there to protect you from malicious websites that try to execute random code unto your machine. It is many times hard to deal with, but for whichever problems you have please post them here, or to fedora-selinux-list@xxxxxxxxxxx Mr. Dan Walsh, and others(not to leave anyone out) on the fedora-selinux-list have been very helpful when I have problems with selinux, which I have had many and they have guided me correctly in determining a fix for the problems encountered. I have seen a flood of selinux denials (avcs), but I know that they are there to protect my computer from harms way. Regards, Antonio __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list