Would selinux have provided protection against this firefox exploit?
William Brown
william at blackhats.net.au
Sat Aug 8 00:30:01 UTC 2015
On Sat, 2015-08-08 at 08:26 +0800, Ed Greshko wrote:
> Not being a student of selinux I wonder if it would have protected users and
> the system against the recently discovered firefox exploit.
>
> https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild
> /
>
Normally firefox would run in your users context (unconfined_t), so no, this
would not have prevented it.
Unless you run a confined user, or firefox in a sandbox, these may have limited
the scope of the damage.
--
William Brown <william at blackhats.net.au>
More information about the selinux
mailing list