Browser Plugins May Strip SELinux Protections

Apr 23, 2009, 13:03 (0 Talkback[s])

"Dan worried that while "[a] confined nsplugin is a nice feature for confining plugins downloaded from the network. But if you run openoffice and evince from within nsplugin they get confined, causing the apps to not work properly." In response to Simo Sorce Dan explained that any attempt to write transition rules to enable said applications to work properly would create an easy avenue of attack. Simo wondered[4] if it would be possible to either write a security wrapper to restrict the command line, or to get application developers to honor SELinux labels in some way."

Complete Story

Related Stories:

• Top 10 Firefox Add-ons for Linux Users(Apr 21, 2009)
• New transparent proxy abuse discovered(Mar 11, 2009)
• IE, Firefox, and the Add-on Security Problem(Nov 25, 2008)
• The Pwnie Awards- Nominations Are Up!(Jul 23, 2008)