On Sat, 2006-04-01 at 21:58 -0500, Jeff Spaleta wrote:
> On 4/1/06, Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> wrote:
> > The browser automatically installing packages just because you visited
> > the page. You will have to confirm something and supply the root
> > password and there are GPG keys to verify the source and there is SELinux
> > to confine the amount of permissions that a browser has.
>
> Uhm... I think the nature of package installation pretty much requires
> a very very loose selinux policy associated with it because the rpm
> process which must be spawned software could conceivably modify
> pretty much any system file as part of a perfectly valid package
> install/update.

As I understand it, what the OP claimed was that an exploited browser would automatically be able to install packages silently, which is something SELinux should be able to prevent with appropriate policies in place. Making it easier for users to install packages is not a security issue at all as long as the privileges required to complete the operation don't change arbitrarily.

Rahul

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list