
Walsh: Introducing the SELinux Sandbox

Walsh: Introducing the SELinux Sandbox

Posted May 27, 2009 12:22 UTC (Wed) by MathFox (guest, #6104)
In reply to: Walsh: Introducing the SELinux Sandbox by jamesmrh
Parent article: Walsh: Introducing the SELinux Sandbox

Running Firefox in a sandbox, protecting the user from malicious plugins and websites, sounds like a good idea. I don't see much use in sandboxing simple programs like cp and mv; verifying something as complex as Firefox is hard enough, even when you are ignoring plugins.

I wonder whether it is possible to get a storage abstraction layer like GnomeVFS security audited or properly sandboxed?



Walsh: Introducing the SELinux Sandbox

Posted May 27, 2009 12:35 UTC (Wed) by rahulsundaram (subscriber, #21946)

http://danwalsh.livejournal.com/15700.html

Fedora installs nspluginwrapper even on 32-bit systems, forcing the plugins to run in a separate process which is then confined by a policy, configurable with a boolean. Increases stability and security.

Walsh: Introducing the SELinux Sandbox

Posted May 27, 2009 14:29 UTC (Wed) by MathFox (guest, #6104)

Running the plugins in a separate (restricted) process is only part of the solution; one should handle all code and data from a webserver as untrusted. The Chrome way, splitting off download and rendering of a webpage into a separate process, allows sandboxing the most critical part of web browsing.

I think that it is correct to "taint" OOo after it has read an untrusted document... who tells me that it doesn't contain bad macros? (It appears that Dan Walsh balanced "ease of use" and "security" differently.)


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds