On Mon, 2008-04-14 at 16:08 -0400, Chris Ricker wrote:
> On Mon, 14 Apr 2008, Chuck Anderson wrote:
>
> > On Mon, Apr 14, 2008 at 03:57:56PM -0400, Jesse Keating wrote:
> > > On Mon, 2008-04-14 at 15:46 -0400, Chuck Anderson wrote:
> > > > Why is this program set-uid root?
> > > >
> > > > ls -l /usr/lib/nspluginwrapper/plugin-config
> > > > -rwsr-xr-x 1 root root 60048 2008-03-11 10:02 /usr/lib/nspluginwrapper/plugin-config*
> > > >
> > > > https://bugzilla.redhat.com/show_bug.cgi?id=442065
> > >
> > > Probably so that it can create files in /usr/lib/mozilla when a user
> > > downloads a plugin via their browser.
> >
> > That just seems wrong. If a user can download a plugin, it should be
> > put in ~/.mozilla/plugins. A user shouldn't be able to force a plugin
> > into a system-wide directory.
>
> See https://bugzilla.redhat.com/show_bug.cgi?id=334311 for more history on
> it

Does it have its own domain in policy so that it is at least confined to
only those capabilities it requires and only to access those files it
requires? Although that won't help from default user shell of
unconfined_t.

--
Stephen Smalley
National Security Agency