On 08/08/2015 02:43 AM, Ed Greshko wrote:
On 08/08/15 08:30, William Brown wrote:
On Sat, 2015-08-08 at 08:26 +0800, Ed Greshko wrote:
Not being a student of selinux I wonder if it would have protected users and
the system against the recently discovered firefox exploit.
https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild
/
Normally firefox would run in your users context (unconfined_t), so no, this
would not have prevented it.
Unless you run a confined user, or firefox in a sandbox, these may have limited
the scope of the damage.
Exactly, You need to run SELinux in more strictly mode as confined users.
Thank you.
Follow up. How about system files such as /etc/passwd ?
--
Lukas Vrabec
SELinux Solutions
Red Hat, Inc.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux