where can I find source policy for Mozilla Browser (Firefox)
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Sun Sep 21 04:25:41 UTC 2008
On Sat, 20 Sep 2008 16:27:43 EDT, Jason Edgecombe said:
> yiruli at ccsl.carleton.ca wrote:
> > Hi,
> > Where can I find the source policy for Mozilla Firefox?
> >
> > From the SELinux administration tool, I see that Mozilla module has
> > been loaded?
> >
> > But I find the following through the command "ps -Z":
> > unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2600 ? 00:17:34
> > firefox
> >
> > Can I say that the policy for Firefox in my machine is not enforced yet?
> >
> > How can I make the policy be enforced?
> >
> > What is the status of the policy writing for Firefox?
> > In one web article, Dan said that the policy writing for Firefox has
> > little success due to its variant behaviour.
> What about changing the root password, then giving the customer (and
> other internal people) access vis sudo with an auditing shell like eash.
> They still have a root shell, it's just audited now.
That's not addressing the *big* problem with things like Firefox.
The original poster probably wants Firefox policy enforced so that if an
exploit is found in Firefox, the damage is basically contained to the user's
~/.mozilla directory (where Firefox reads/writes it files), and the now-rogue
Firefox process can't go snooping around in other sensitive files (like the
ones in your .ssh or .gpg directories).
I don't see where the root password even enters into it - does *anybody*
run a browser as root?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20080921/f8045054/attachment.sig>
More information about the fedora-selinux-list
mailing list