Fedora's way forward
Rahul Sundaram
sundaram at fedoraproject.org
Sun Apr 2 03:02:40 UTC 2006
On Sat, 2006-04-01 at 21:58 -0500, Jeff Spaleta wrote:
> On 4/1/06, Rahul Sundaram <sundaram at fedoraproject.org> wrote:
> > The browser automatically installing packages just because you visited
> > the page. You will have confirm to something and supply the root
> > password and there is GPG keys to verify the source and there is SELinux
> > to confine the amount of permissions that a browser has.
>
> Uhm... i think the nature of package installation pretty much requires
> a very very loose selinux policy associated with it because the rpm
> process which must be spawned software could concievable modifiy
> pretty much any system file as part of a perfect valid package
> install/update.
As I understand it what the OP claimed was that a exploited browser
would automatically be able to install packages silently which is
something SELinux should be able to prevent with appropriate policies in
place. Making it easier for users to install packages is not a security
issue at all as long as the privileges required to complete the
operation doesnt change arbitrarily.
Rahul
More information about the devel
mailing list