Mozilla plugins packaging [Re: SELinuxDenyPtrace: Write, compile, run, but don't debug applications?]

[Paul Wouters]

On Tue, 10 Apr 2012, drago01 wrote:

>> Wouldn't it be better to package Mozilla plugins in Fedora so that they are
>> trusted?
>
> rpm packages do not magically fix security issues. A vulnerability in
> a plugin can be exploited by an attacker regardless how the plugin got
> installed. (rpm or not).

That's not true. SElinux could be used to restrict what a certain plugin
could do when packages as rpm versus the SElinux properties of files in
a users home directory.

Paul