[CentOS] Advanced Persistent Threats; Why aren't we confining Firefox and Evolution?
Rob Townley
rob.townley at gmail.comFri Dec 7 22:05:24 UTC 2012
- Previous message: [CentOS] Advanced Persistent Threats; Why aren't we confining Firefox and Evolution?
- Next message: [CentOS] Advanced Persistent Threats; Why aren't we confining Firefox and Evolution?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Let us know how it goes. i thought i followed one of Daniel Walsh's blog posts to sandbox firefox and don't remember it being that bad, but that was well over a year ago. Since he maintained selinux for RedHat for a number of years, ... he probably knows what he is talking about. He was always on top of selinux reported bugs. You may want to check out Qubes-OS. Qubes-OS is based on Fedora by the creator of bluepill guestOS to hypervisor code. On Thu, Dec 6, 2012 at 8:05 PM, David McGuffey <davidmcguffey at verizon.net>wrote: > Moat of the advanced persistent threats (APT) are initiated via e-mail. > Opening an attachment or clicking on a web link starts the process. > > Why isn't Firefox and Evolution confined with SELinux policy in a way > that APT can't damage the rest of the system? Why are we not sandboxing > these two apps with SELinux? > > I've discovered some guidance for sandboxing Firefox using the 'sandbox' > command. Once I test it a bit, I'll post the results back here. Seems > to me that if this works, it should be the default. > > DaveM > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >
- Previous message: [CentOS] Advanced Persistent Threats; Why aren't we confining Firefox and Evolution?
- Next message: [CentOS] Advanced Persistent Threats; Why aren't we confining Firefox and Evolution?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list