Browser Plugins May Strip SELinux Protections

"Dan worried that while "[a] confined nsplugin is a nice feature for confining plugins downloaded from the network. But if you run openoffice and evince from within nsplugin they get confined, causing the apps to not work properly." In response to Simo Sorce Dan explained that any attempt to write transition rules to enable said applications to work properly would create an easy avenue of attack. Simo wondered[4] if it would be possible to either write a security wrapper to restrict the command line, or to get application developers to honor SELinux labels in some way."

Complete Story

Related Stories:

• Top 10 Firefox Add-ons for Linux Users(Apr 20, 2009)
• New transparent proxy abuse discovered(Mar 11, 2009)
• IE, Firefox, and the Add-on Security Problem(Nov 24, 2008)
• The Pwnie Awards- Nominations Are Up!(Jul 22, 2008)