package review?

Peter Harmsen phaceton at gmail.com
Fri Jul 21 13:12:28 UTC 2006


The Firefox browser is an ideal attack vector.
Could prevent a lot of mischief, I think.

On 7/21/06, Paul Howarth <paul at city-fan.org> wrote:
> Valdis.Kletnieks at vt.edu wrote:
> > On Fri, 21 Jul 2006 08:58:37 +0200, Peter Harmsen said:
> >> Is there any chance a firefox policy will be included
> >> as default?
> >
> > serefpolicy-2.3.3/policy/modules/apps % grep firefox mozilla.*
> > mozilla.fc:/usr/lib(64)?/firefox[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> > mozilla.fc:/usr/lib(64)?/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> >
> > The already present mozilla policy seems to already cover it?
>
> It doesn't appear to be enabled in the targeted policy though:
>
> # semanage fcontext -l | grep mozilla
> /usr/lib(64)?/mozilla.*\.so                        regular file system_u:object_r:textrel_shlib_t:s0
> /usr/lib(64)?/[^/]*/run-mozilla\.sh                regular file system_u:object_r:bin_t:s0
> /usr/lib(64)?/[^/]*/mozilla-xremote-client         regular file system_u:object_r:bin_t:s0
> /usr/lib(64)?/thunderbird.*/mozilla-xremote-client regular file system_u:object_r:bin_t:s0
>
> No mention of mozilla_exec_t
>
> Paul.
>


-- 
I have made this letter longer than usual, because I lack the time to
make it short.
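
Added example, not part of the original thread or of the SELinux policy code: a Python check of the point made in the quoted replies, that the reference policy's mozilla.fc labels firefox-bin as mozilla_exec_t while the targeted policy's loaded file contexts shown above do not. The spec lines are copied from the thread; the firefox path and the function names are assumptions made for the illustration.

```python
import re

# Spec lines quoted in the thread: reference-policy source (mozilla.fc) ...
FC_SOURCE = r"""
/usr/lib(64)?/firefox[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
/usr/lib(64)?/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
"""
# ... and the `semanage fcontext -l | grep mozilla` output from the targeted policy.
SEMANAGE_OUT = r"""
/usr/lib(64)?/mozilla.*\.so                        regular file system_u:object_r:textrel_shlib_t:s0
/usr/lib(64)?/[^/]*/run-mozilla\.sh                regular file system_u:object_r:bin_t:s0
/usr/lib(64)?/[^/]*/mozilla-xremote-client         regular file system_u:object_r:bin_t:s0
/usr/lib(64)?/thunderbird.*/mozilla-xremote-client regular file system_u:object_r:bin_t:s0
"""

# "<regex> [-x] gen_context(user:role:type,level)" as written in a .fc file
FC_RE = re.compile(r"^(\S+)\s+(?:-\S\s+)?gen_context\(([^,]+),[^)]*\)$")
# "<regex> <file class words> user:role:type:level" as printed by semanage
SM_RE = re.compile(r"^(\S+)\s+.+?\s+(\S+:\S+:\S+:\S+)$")

def parse(text, line_re):
    """Return [(path_regex, selinux_type)] for every spec line in text."""
    specs = []
    for line in text.strip().splitlines():
        m = line_re.match(line.strip())
        if m:
            specs.append((m.group(1), m.group(2).split(":")[2]))
    return specs

def types_for(path, specs):
    """Types of all specs whose regex matches the whole path (specs are anchored)."""
    return [t for rx, t in specs if re.fullmatch(rx, path)]

def missing_types(path, wanted_specs, loaded_specs):
    """Types the source specs give `path` that the loaded specs do not."""
    loaded = set(types_for(path, loaded_specs))
    return sorted(set(types_for(path, wanted_specs)) - loaded)

if __name__ == "__main__":
    path = "/usr/lib/firefox-1.5.0.4/firefox-bin"  # constructed sample path
    src, loaded = parse(FC_SOURCE, FC_RE), parse(SEMANAGE_OUT, SM_RE)
    print("source policy :", types_for(path, src))
    print("loaded (grep) :", types_for(path, loaded))
    print("not loaded    :", missing_types(path, src, loaded))
```

On a live system, `matchpathcon` or `ls -Z` on the installed binary shows the label the loaded policy actually assigns.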