1 Sep
2010
1 Sep
'10
9:52 a.m.
So, right now I do not need SELinux even if I "use a web browser to view more than a short list of trusted sites".
Of course flash, firefox, all the image libraries it uses and the font libraries are perfect and never had a bug triggerable remotely - right ?
Nope.
Look for example the Dowd exploit of flash - SELinux blocked it, non SELinux systems got 0wned. Ditto Mambo against Firefox. Dowd is also interesting because it was designed and built as a cross platform exploit.
Alan