Re: Would selinux have provided protection against this firefox exploit?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 2015-08-08 at 08:43 +0800, Ed Greshko wrote:
> On 08/08/15 08:30, William Brown wrote:
> > On Sat, 2015-08-08 at 08:26 +0800, Ed Greshko wrote:
> > > Not being a student of selinux I wonder if it would have protected users 
> > > and 
> > > the system against the recently discovered firefox exploit.
> > > 
> > > https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-
> > > wild
> > > /
> > > 
> > Normally firefox would run in your users context (unconfined_t), so no, this
> > would not have prevented it.
> > 
> > Unless you run a confined user, or firefox in a sandbox, these may have 
> > limited
> > the scope of the damage.
> > 
> > 
> Thank you.
> 
> Follow up.  How about system files such as /etc/passwd ?
> 

/etc/passwd doesn't really matter, it's /etc/shadow you should worry about.

But normally you can't even read shadow:

ls -al /etc/{passwd,shadow}    
ls: cannot access /etc/shadow: Permission denied
-rw-r--r--. 1 root root 3252 Jun 28 17:30 /etc/passwd

As root you can see:

-rw-r--r--. 1 root root 3252 Jun 28 17:30 /etc/passwd
----------. 1 root root 1645 Jun 28 17:30 /etc/shadow

I'd be more worried about SSH keys in ~/.ssh that don't have a password (protip.
They should have passwords), and other things like that.


-- 
William Brown <william@xxxxxxxxxxxxxxxx>
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux