On Sat, 2015-08-08 at 08:43 +0800, Ed Greshko wrote:
On 08/08/15 08:30, William Brown wrote:
> On Sat, 2015-08-08 at 08:26 +0800, Ed Greshko wrote:
> > Not being a student of selinux I wonder if it would have protected users
> > and
> > the system against the recently discovered firefox exploit.
> >
> >
https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-
> > wild
> > /
> >
> Normally firefox would run in your users context (unconfined_t), so no, this
> would not have prevented it.
>
> Unless you run a confined user, or firefox in a sandbox, these may have
> limited
> the scope of the damage.
>
>
Thank you.
Follow up. How about system files such as /etc/passwd ?
/etc/passwd doesn't really matter, it's /etc/shadow you should worry about.
But normally you can't even read shadow:
ls -al /etc/{passwd,shadow}
ls: cannot access /etc/shadow: Permission denied
-rw-r--r--. 1 root root 3252 Jun 28 17:30 /etc/passwd
As root you can see:
-rw-r--r--. 1 root root 3252 Jun 28 17:30 /etc/passwd
----------. 1 root root 1645 Jun 28 17:30 /etc/shadow
I'd be more worried about SSH keys in ~/.ssh that don't have a password (protip.
They should have passwords), and other things like that.
--
William Brown <william(a)blackhats.net.au>