Re: Thank you, unknown genius!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



--- Les Mikesell <lesmikesell@xxxxxxxxx> wrote:

> Rahul Sundaram wrote:
> > 
> >>>>> Bruno is noting that the current methods of
> exploitation tend to be 
> >>>>> web
> >>>>> pages, flash, java, media files and a firewall
> isn't going to be of 
> >>>>> much
> >>>>> help with this type of intrusion but selinux
> clearly could be a 
> >>>>> layer of
> >>>>> use here.
> >>>> Does it actually prevent browser plugins from
> doing things that the 
> >>>> running user can't do in the default
> configuration?
> >>>
> >>> Yes.
> >>
> >> I thought plugins ran as libraries within the
> same process. SELinux 
> >> can prevent them from loading which isn't
> particularly useful. How can 
> >> it control separately what a plugin can do
> without breaking the 
> >> browser's  own ability to it?
> > 
> > I already gave you the link earlier.
> Nspluginwrapper is installed by 
> > default which can run plugins in a separate memory
> address making it 
> > possible to confine it by policy. If a flash
> plugin tries to access 
> > files under .ssh for example, SELinux policy can
> prevent that as a 
> > obvious violation.
> 
> That hasn't been released yet has it?  Are there
> policies that actually 
> do something useful that are known not to break
> anything?
> 
> -- 
>    Les Mikesell
>     lesmikesell@xxxxxxxxx
> 
> -- 
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe:
> https://www.redhat.com/mailman/listinfo/fedora-list
> 

Les,

nspluginwrapper is there, and selinux is there as
well, what part of the code do you suggest is not
there.  Selinux is there to protect you from malicious
websites that try to execute random code unto your
machine.  It is many times hard to deal with, but for
whichever problems you have please post them here, or
to fedora-selinux-list@xxxxxxxxxxx  Mr. Dan Walsh, and
others(not to leave anyone out) on the
fedora-selinux-list have been very helpful when I have
problems with selinux, which I have had many and they
have guided me correctly in determining a fix for the
problems encountered.  I have seen a flood of selinux
denials (avcs), but I know that they are there to
protect my computer from harms way.    

Regards,

Antonio 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux