<p dir="ltr"><br>
On Jan 23, 2015 7:47 AM, "Daniel J Walsh" <<a href="mailto:dwalsh@redhat.com">dwalsh@redhat.com</a>> wrote:<br>
><br>
><br>
> On 01/23/2015 10:25 AM, poma wrote:<br>
> > On 23.01.2015 15:12, Kevin Fenzi wrote:<br>
> >> On Fri, 23 Jan 2015 12:44:23 +0100<br>
> >> poma <<a href="mailto:pomidorabelisima@gmail.com">pomidorabelisima@gmail.com</a>> wrote:<br>
> >><br>
> >>> On 23.01.2015 10:51, Martin Stransky wrote:<br>
> >>>> Folk,<br>
> >>>><br>
> >>>> There's a live 0-day flash vulnerability which is not fixed yet<br>
> >>>> [1][2]. If you use flash plugin I recommend you to enable the<br>
> >>>> click-to-play mode for it.<br>
> >>> Are we covered with<br>
> >>> $ rpm -q flash-plugin<br>
> >>> flash-plugin-11.2.202.438-release.x86_64<br>
> >>> ?<br>
> >>><br>
> >>> Ref.<br>
> >>> <a href="http://helpx.adobe.com/security.html">http://helpx.adobe.com/security.html</a><br>
> >> No.<br>
> >><br>
> >> <a href="http://helpx.adobe.com/security/products/flash-player/apsa15-01.html">http://helpx.adobe.com/security/products/flash-player/apsa15-01.html</a><br>
> >><br>
> >> kevin<br>
> >><br>
> >><br>
> >><br>
> > Thanks for reference.<br>
> ><br>
> > Until this is resolved, is this a valid way:<br>
> > $ sandbox -X -T tmp -t sandbox_web_t firefox<br>
> > to cover this security issue, or can we isolate only libflashplayer.so,<br>
> > not the entire browser.<br>
> ><br>
> > Daniel, can you comment.<br>
> ><br>
> ><br>
> libflashplayer.so runs within the Mozilla-plugin I believe. If so it<br>
> would be confined<br>
> if you have not turned on the unconfined_mozilla_plugin_transition boolean.<br>
><br>
> If this is the case we are somewhat protected, and of course you run<br>
> with setenforce 1.<br>
><br>
> sandbox -X will also add more protection.</p>
<p dir="ltr">Unless I'm mistaken, sandbox -X hasn't worked in almost a year.</p>
<p dir="ltr">--Andy</p>
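<p dir="ltr">Added example, not part of the thread: a host check for the two conditions Daniel names above (SELinux enforcing, and the unconfined_mozilla_plugin_transition boolean off). The function names and the --check argument are hypothetical; the rule it encodes is the one stated in the thread, taken here as an assumption.</p>

```shell
#!/bin/sh
# Added example: is the Mozilla plugin container expected to be SELinux-confined?
# Assumption (from the thread): it is confined when SELinux is enforcing and the
# unconfined_mozilla_plugin_transition boolean is off.

# Decide from raw tool output, so the logic can be checked without SELinux.
#   $1: output of `getenforce` (Enforcing | Permissive | Disabled)
#   $2: output of `getsebool unconfined_mozilla_plugin_transition`
# Returns 0 = confined, 1 = not confined, 2 = cannot tell.
plugin_confinement() {
    mode=$1
    bool_line=$2
    case "$mode" in
        Enforcing) ;;
        Permissive)
            echo "not-enforced: SELinux is permissive, denials are only logged"
            return 1 ;;
        *)
            echo "not-enforced: SELinux is disabled or its state is unknown"
            return 1 ;;
    esac
    # getsebool prints "<name> --> on" or "<name> --> off".
    case "$bool_line" in
        "unconfined_mozilla_plugin_transition --> off")
            echo "confined: plugin processes transition to a confined domain"
            return 0 ;;
        "unconfined_mozilla_plugin_transition --> on")
            echo "unconfined: turn it off with: setsebool -P unconfined_mozilla_plugin_transition off"
            return 1 ;;
        *)
            echo "unknown: boolean not reported by the loaded policy"
            return 2 ;;
    esac
}

# Query the running host; report "unknown" if the SELinux tools are missing.
check_host() {
    command -v getenforce >/dev/null 2>&1 || { echo "unknown: getenforce not found"; return 2; }
    plugin_confinement "$(getenforce)" \
        "$(getsebool unconfined_mozilla_plugin_transition 2>/dev/null)"
}

# Run the live check only when asked, e.g.: sh check.sh --check
if [ "${1:-}" = "--check" ]; then check_host; fi
```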