On Sat, 20 Sep 2008 16:27:43 EDT, Jason Edgecombe said:
> yiruli@xxxxxxxxxxxxxxxx wrote:
> > Hi,
> > Where can I find the source policy for Mozilla Firefox?
> >
> > From the SELinux administration tool, I see that Mozilla module has
> > been loaded?
> >
> > But I find the following through the command "ps -Z":
> > unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2600 ? 00:17:34
> > firefox
> >
> > Can I say that the policy for Firefox in my machine is not enforced yet?
> >
> > How can I make the policy be enforced?
> >
> > What is the status of the policy writing for Firefox?
> > In one web article, Dan said that the policy writing for Firefox has
> > little success due to its variant behaviour.

> What about changing the root password, then giving the customer (and
> other internal people) access via sudo with an auditing shell like eash.
> They still have a root shell, it's just audited now.

That's not addressing the *big* problem with things like Firefox.

The original poster probably wants Firefox policy enforced so that if an
exploit is found in Firefox, the damage is basically contained to the
user's ~/.mozilla directory (where Firefox reads/writes its files), and
the now-rogue Firefox process can't go snooping around in other sensitive
files (like the ones in your .ssh or .gpg directories).

I don't see where the root password even enters into it - does *anybody*
run a browser as root?
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
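
The "ps -Z" check discussed in this thread, as an added example that is not part of the original messages: it parses "ps -eZ" style output and reports whether a named process runs in a confined SELinux domain. The sample output is constructed (only the firefox line comes from the thread), and the function names and the set of domains treated as unconfined are assumptions.

```python
from typing import NamedTuple, Optional

# Constructed sample of `ps -eZ` output. The firefox line is the one quoted
# in the thread; the httpd and "-" lines are made up to exercise each path.
SAMPLE_PS_Z = """\
LABEL                                                  PID TTY      TIME CMD
system_u:system_r:httpd_t:s0                          1801 ?    00:00:02 httpd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2600 ?    00:17:34 firefox
-                                                     3100 ?    00:00:00 demo
"""

# Assumption: domains this check treats as "no confinement".
UNCONFINED_TYPES = {"unconfined_t"}


class Proc(NamedTuple):
    pid: int
    cmd: str
    se_type: Optional[str]  # None when ps printed no label ("-")


def parse_ps_z(text):
    """Parse LABEL PID TTY TIME CMD lines into Proc records."""
    procs = []
    for line in text.splitlines():
        fields = line.split(None, 4)
        if len(fields) < 5 or not fields[1].isdigit():
            continue  # header row or malformed line
        label, pid, _tty, _time, cmd = fields
        # Context is user:role:type[:level]; the level can itself contain
        # ':' (s0-s0:c0.c1023), so split at most three times.
        parts = label.split(":", 3)
        se_type = parts[2] if len(parts) >= 3 else None
        procs.append(Proc(int(pid), cmd, se_type))
    return procs


def confinement(procs, name):
    """Return {pid: verdict} for every process whose command is `name`."""
    verdicts = {}
    for p in procs:
        if p.cmd != name:
            continue
        if p.se_type is None:
            verdicts[p.pid] = "unlabeled"
        elif p.se_type in UNCONFINED_TYPES:
            verdicts[p.pid] = "unconfined"
        else:
            verdicts[p.pid] = "confined:" + p.se_type
    return verdicts


if __name__ == "__main__":
    print(confinement(parse_ps_z(SAMPLE_PS_Z), "firefox"))
```
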