Mozilla plugins packaging [Re: SELinuxDenyPtrace: Write, compile, run, but don't debug applications?]
Paul Wouters
pwouters at redhat.com
Tue Apr 10 14:29:10 UTC 2012
On Tue, 10 Apr 2012, drago01 wrote:
>> Wouldn't it be better to package Mozilla plugins in Fedora so that they are
>> trusted?
>
> rpm packages do not magically fix security issues. A vulnerability in
> a plugin can be exploited by an attacker regardless how the plugin got
> installed. (rpm or not).
That's not true. SElinux could be used to restrict what a certain plugin
could do when packages as rpm versus the SElinux properties of files in
a users home directory.
Paul
More information about the devel
mailing list