-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 12/06/2012 09:05 PM, David McGuffey wrote:
Moat of the advanced persistent threats (APT) are initiated via e-mail. Opening an attachment or clicking on a web link starts the process.
Why isn't Firefox and Evolution confined with SELinux policy in a way that APT can't damage the rest of the system? Why are we not sandboxing these two apps with SELinux?
I've discovered some guidance for sandboxing Firefox using the 'sandbox' command. Once I test it a bit, I'll post the results back here. Seems to me that if this works, it should be the default.
DaveM
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Very difficult to sandbox thunderbird and firefox. But sandbox tool actually works well for sandboxing viewers of downloaded data. I sandbox all content that will be viewed by evince and libreoffice.