[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Fedora's way forward



On Sat, 2006-04-01 at 21:58 -0500, Jeff Spaleta wrote:
> On 4/1/06, Rahul Sundaram <sundaram fedoraproject org> wrote:
> > The browser automatically installing packages just because you visited
> > the page. You will have confirm to something and supply the root
> > password and there is GPG keys to verify the source and there is SELinux
> > to confine the amount of permissions that a browser has.
> 
> Uhm... i think the nature of package installation pretty much requires
> a very very loose selinux policy associated with it because the rpm
> process which must be spawned software could concievable modifiy
> pretty much any system file as part of a perfect valid package
> install/update.

As I understand it what the OP claimed was that a exploited browser
would automatically be able to install packages silently which is
something SELinux should be able to prevent with appropriate policies in
place. Making it easier for users to install packages is not a security
issue at all as long as the privileges required to complete the
operation doesnt change arbitrarily. 

Rahul


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]