On Tue, 2005-10-04 at 17:04 -0400, Richard Hally wrote: > Perhaps it would be appropriate to reevaluate the implementation > strategy for this particular "feature" of SELinux. > > If there is no coherent, concise, convincing explanation provided to the > people who need to make changes to their software to conform to the > requirements of this "feature" then there isn't much hope of them doing > what is required. Since this "feature" was implemented many months ago > and these problems are still appearing please consider filing bugs with > the appropriate explanation so that the appropriate people can make the > required changes. Hi, I think all you need to do is file a bugzilla against firefox and report what you reported originally, and note that these .so's have text relocations. Then it is up to the maintainer for that package (and ultimately the upstream developers) to address the issue. The notion that text relocations are bad isn't something novel to SELinux by any means. We simply added controls to SELinux over the resulting attempt to modify the memory protections at the suggestion of the Red Hat developers so that this can be controlled by policy. You can also bugzilla policy if you like so that the permissions can be added in the short term until the package is fixed. This is no different than any other bug you might encounter in a particular package; when you find the bug, file it against the package. The policy can certainly workaround it in the short term, but that doesn't improve security; it just permits the status quo. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list