[CentOS] Advanced Persistent Threats; Why aren't we confining Firefox and Evolution?
Rob Townley
rob.townley at gmail.com
Fri Dec 7 22:05:24 UTC 2012
Let us know how it goes. i thought i followed one of Daniel Walsh's blog
posts to sandbox firefox and don't remember it being that bad, but that was
well over a year ago. Since he maintained selinux for RedHat for a number
of years, ... he probably knows what he is talking about. He was always on
top of selinux reported bugs.
You may want to check out Qubes-OS. Qubes-OS is based on Fedora by the
creator of bluepill guestOS to hypervisor code.
On Thu, Dec 6, 2012 at 8:05 PM, David McGuffey <davidmcguffey at verizon.net>wrote:
> Moat of the advanced persistent threats (APT) are initiated via e-mail.
> Opening an attachment or clicking on a web link starts the process.
>
> Why isn't Firefox and Evolution confined with SELinux policy in a way
> that APT can't damage the rest of the system? Why are we not sandboxing
> these two apps with SELinux?
>
> I've discovered some guidance for sandboxing Firefox using the 'sandbox'
> command. Once I test it a bit, I'll post the results back here. Seems
> to me that if this works, it should be the default.
>
> DaveM
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
More information about the CentOS
mailing list