Would selinux have provided protection against this firefox exploit?
Ed Greshko
ed.greshko at greshko.com
Sat Aug 8 00:43:48 UTC 2015
On 08/08/15 08:30, William Brown wrote:
> On Sat, 2015-08-08 at 08:26 +0800, Ed Greshko wrote:
>> Not being a student of selinux I wonder if it would have protected users and
>> the system against the recently discovered firefox exploit.
>>
>> https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild
>> /
>>
> Normally firefox would run in your users context (unconfined_t), so no, this
> would not have prevented it.
>
> Unless you run a confined user, or firefox in a sandbox, these may have limited
> the scope of the damage.
>
>
Thank you.
Follow up. How about system files such as /etc/passwd ?
--
If I wanted a blog or social media I'd go elsewhere
More information about the selinux
mailing list