Linux Today: Linux News On Internet Time.

Browser Plugins May Strip SELinux Protections

Apr 23, 2009, 13:03 (0 Talkback[s])

"Dan worried that while "[a] confined nsplugin is a nice feature for confining plugins downloaded from the network. But if you run openoffice and evince from within nsplugin they get confined, causing the apps to not work properly." In response to Simo Sorce Dan explained that any attempt to write transition rules to enable said applications to work properly would create an easy avenue of attack. Simo wondered[4] if it would be possible to either write a security wrapper to restrict the command line, or to get application developers to honor SELinux labels in some way."

Complete Story

Related Stories: