[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: package review?



The firefox browser is an ideal attack vector .
Could prevent a lot of mischief i think.

On 7/21/06, Paul Howarth <paul city-fan org> wrote:
Valdis Kletnieks vt edu wrote:
> On Fri, 21 Jul 2006 08:58:37 +0200, Peter Harmsen said:
>> Is there any change a firefox policy will be included
>> as default?
>
> serefpolicy-2.3.3/policy/modules/apps % grep firefox mozilla.*
> mozilla.fc:/usr/lib(64)?/firefox[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
> mozilla.fc:/usr/lib(64)?/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
>
> The already present mozilla pilicy seems to already cover it?

It doesn't appear to be enabled in the targeted policy though:

# semanage fcontext -l | grep mozilla
/usr/lib(64)?/mozilla.*\.so                        regular file
system_u:object_r:textrel_shlib_t:s0
/usr/lib(64)?/[^/]*/run-mozilla\.sh                regular file
system_u:object_r:bin_t:s0
/usr/lib(64)?/[^/]*/mozilla-xremote-client         regular file
system_u:object_r:bin_t:s0
/usr/lib(64)?/thunderbird.*/mozilla-xremote-client regular file
system_u:object_r:bin_t:s0

No mention of mozilla_exec_t

Paul.



--
I have made this letter longer than usual, because i lack the time to
make it short.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]