[CentOS] Advanced Persistent Threats; Why aren't we confining Firefox and Evolution?

Rob Townley rob.townley at gmail.com
Fri Dec 7 21:59:04 UTC 2012


Daniel,

Can the Firefox profile file hierarchy be sandboxed?  So everything
downloaded within the profile cache is sandboxed.  More like if any
application accesses something in a particular folder, sandboxing
automatically kicks in.

On Fri, Dec 7, 2012 at 5:49 AM, Daniel J Walsh <dwalsh at redhat.com> wrote:

> On 12/06/2012 09:05 PM, David McGuffey wrote:
> > Most of the advanced persistent threats (APT) are initiated via e-mail.
> > Opening an attachment or clicking on a web link starts the process.
> >
> > Why aren't Firefox and Evolution confined with SELinux policy in a way that
> > APT can't damage the rest of the system? Why are we not sandboxing these
> > two apps with SELinux?
> >
> > I've discovered some guidance for sandboxing Firefox using the 'sandbox'
> > command.  Once I test it a bit, I'll post the results back here.  Seems to
> > me that if this works, it should be the default.
> >
> > DaveM
> >
> >
> > _______________________________________________ CentOS mailing list
> > CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos
> >
> Very difficult to sandbox thunderbird and firefox.  But the sandbox tool
> actually works well for sandboxing viewers of downloaded data.  I sandbox
> all content that will be viewed by evince and libreoffice.
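As an added example, not from the thread or from policycoreutils itself: a POSIX sh wrapper around the sandbox(8) command that does what Daniel describes, opening a downloaded document in evince or libreoffice inside the SELinux sandbox_x_t domain, and refusing anything that is not a plain file under a designated download directory. The download directory, the extension-to-viewer mapping and the SANDBOX_DRY_RUN switch are assumptions of this example; the flags are those documented for sandbox(8).

```shell
#!/bin/sh
# Added example (not from the thread): open a downloaded document in an
# SELinux sandbox built by policycoreutils' sandbox(8). Only regular files
# under DOWNLOAD_DIR are accepted, so this wrapper can only ever launch a
# viewer of downloaded data. DOWNLOAD_DIR, the viewer mapping and
# SANDBOX_DRY_RUN are assumptions of this example.

DOWNLOAD_DIR="${DOWNLOAD_DIR:-$HOME/Downloads}"

# Absolute path with directory symlinks and ".." resolved (pwd -P), so a
# path that wanders out of the download directory fails the prefix check.
canon_path() {
    d=$(cd "$(dirname "$1")" 2>/dev/null && pwd -P) || return 1
    printf '%s/%s\n' "$d" "$(basename "$1")"
}

# Viewer chosen by extension: the two programs Daniel mentions sandboxing.
viewer_for() {
    case "$1" in
        *.pdf|*.PDF) echo evince ;;
        *.odt|*.ods|*.odp|*.doc|*.docx|*.xls|*.xlsx|*.ppt|*.pptx) echo libreoffice ;;
        *) return 1 ;;
    esac
}

# sandbox flags: -X runs the program under a nested X server, -t sandbox_x_t
# allows a GUI but no network, -M gives it a throwaway $HOME and /tmp, and
# -i copies just this one file into that temporary home. The viewer sees
# the document and nothing else of the user's files.
sandboxed_view() {
    f=$(canon_path "$1") || return 1
    dl=$(cd "$DOWNLOAD_DIR" 2>/dev/null && pwd -P) || return 1
    case "$f" in
        "$dl"/*) ;;
        *) echo "refusing $f: outside $dl" >&2; return 1 ;;
    esac
    # Reject symlinks too: canon_path does not resolve the final component.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "refusing $f: not a regular file" >&2; return 1
    fi
    v=$(viewer_for "$f") || { echo "refusing $f: no sandboxed viewer" >&2; return 1; }
    set -- sandbox -X -M -t sandbox_x_t -i "$f" "$v" "$f"
    if [ -n "$SANDBOX_DRY_RUN" ]; then
        printf '%s\n' "$*"   # show the command instead of running it
    else
        "$@"
    fi
}
```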