Thank you, unknown genius!

Antonio Olivares olivares14031 at yahoo.com
Sun Apr 13 02:38:10 UTC 2008 

--- Les Mikesell <lesmikesell at gmail.com> wrote:

> Rahul Sundaram wrote:
> > 
> >>>>> Bruno is noting that the current methods of
> exploitation tend to be 
> >>>>> web
> >>>>> pages, flash, java, media files and a firewall
> isn't going to be of 
> >>>>> much
> >>>>> help with this type of intrusion but selinux
> clearly could be a 
> >>>>> layer of
> >>>>> use here.
> >>>> Does it actually prevent browser plugins from
> doing things that the 
> >>>> running user can't do in the default
> configuration?
> >>>
> >>> Yes.
> >>
> >> I thought plugins ran as libraries within the
> same process. SELinux 
> >> can prevent them from loading which isn't
> particularly useful. How can 
> >> it control separately what a plugin can do
> without breaking the 
> >> browser's  own ability to it?
> > 
> > I already gave you the link earlier.
> Nspluginwrapper is installed by 
> > default which can run plugins in a separate memory
> address making it 
> > possible to confine it by policy. If a flash
> plugin tries to access 
> > files under .ssh for example, SELinux policy can
> prevent that as a 
> > obvious violation.
> 
> That hasn't been released yet has it?  Are there
> policies that actually 
> do something useful that are known not to break
> anything?
> 
> -- 
>    Les Mikesell
>     lesmikesell at gmail.com
> 
> -- 
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe:
> https://www.redhat.com/mailman/listinfo/fedora-list
> 

Les,

nspluginwrapper is there, and selinux is there as
well, what part of the code do you suggest is not
there.  Selinux is there to protect you from malicious
websites that try to execute random code unto your
machine.  It is many times hard to deal with, but for
whichever problems you have please post them here, or
to fedora-selinux-list at redhat.com.  Mr. Dan Walsh, and
others(not to leave anyone out) on the
fedora-selinux-list have been very helpful when I have
problems with selinux, which I have had many and they
have guided me correctly in determining a fix for the
problems encountered.  I have seen a flood of selinux
denials (avcs), but I know that they are there to
protect my computer from harms way.    

Regards,

Antonio 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

More information about the users mailing list