On 01/23/2015 10:25 AM, poma wrote: > On 23.01.2015 15:12, Kevin Fenzi wrote: >> On Fri, 23 Jan 2015 12:44:23 +0100 >> poma <pomidorabelisima@xxxxxxxxx> wrote: >> >>> On 23.01.2015 10:51, Martin Stransky wrote: >>>> Folk, >>>> >>>> There's a live 0-day flash vulnerability which is not fixed yet >>>> [1][2]. If you use flash plugin I recommend you to enable the >>>> click-to-play mode for it. >>> Are we covered with >>> $ rpm -q flash-plugin >>> flash-plugin-11.2.202.438-release.x86_64 >>> ? >>> >>> Ref. >>> http://helpx.adobe.com/security.html >> No. >> >> http://helpx.adobe.com/security/products/flash-player/apsa15-01.html >> >> kevin >> >> >> > Thanks for reference. > > Until this is resolved, is this a valid way: > $ sandbox -X -T tmp -t sandbox_web_t firefox > to cover this security issue, or can we isolate only libflashplayer.so, > not the entire browser. > > Daniel, can you comment. > > libflashplayer.so runs within the Mozilla-plugin I believe. If so it would be confined if you have not turned on the unconfined_mozilla_plugin_transition boolean. If this is the case we are somewhat protected, and of course you run with setenforce 1. sandbox -X will also add more protection. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
