Bug 589579 - firefox runs in an unconfined domain
Summary: firefox runs in an unconfined domain
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy   
Version: 12
Hardware: All
OS: Linux
Priority: low
Severity: medium
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Reported: 2010-05-06 13:23 UTC by Need Real Name
Modified: 2010-08-19 11:32 UTC (History)
Doc Type: Bug Fix
Last Closed: 2010-08-19 11:32:34 UTC
Description Need Real Name 2010-05-06 13:23:45 UTC
Description of problem:
Firefox is probably the primary method by which to gain control of a user's system, either via firefox, flash or nsplugin.

It seems sensible that firefox should not run in an unconfined domain.

Comment 1 Daniel Walsh 2010-05-06 14:01:26 UTC
May seem sensible to you, but can you define what security goals the general population wants firefox to run under?  I think you will quickly realize it becomes unconfined_t or at least user_t.

If you want to look into running firefox in a confined environment you can try 

sandbox -X -t sandbox_web_t -W metacity firefox

Or 

turn on allow_unconfined_nsplugin_transition boolean and it will confine your nsplugin plugins.
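
Added example, not part of the original bug report or of Fedora's own tooling: a shell check that reads `ps -eo label,pid,comm` output and reports which SELinux domain each browser or plugin process runs in, so the effect of the sandbox command or the nsplugin boolean above can be verified. The process names matched, the `sandbox_`/`nsplugin` type prefixes and the sample listing are assumptions constructed for illustration; exact type names depend on the installed policy.

```shell
#!/bin/sh
# Classify browser-related processes by SELinux domain.
# Input : lines shaped like `ps -eo label,pid,comm` output (header optional).
# Output: "<verdict> <domain> <pid> <comm>" for each matching process.
classify_browser_domains() {
    awk '
        NR == 1 && $1 == "LABEL" { next }    # skip the ps header line
        $3 ~ /^(firefox|npviewer\.bin|plugin-contain)/ {
            # A label is user:role:type:level; the domain is the type field.
            n = split($1, ctx, ":")
            domain = (n >= 3) ? ctx[3] : "-"
            if (n < 3)                        verdict = "NOLABEL"
            else if (domain == "unconfined_t") verdict = "UNCONFINED"
            else if (domain ~ /^sandbox_/)     verdict = "SANDBOXED"
            else if (domain ~ /^nsplugin/)     verdict = "PLUGIN-CONFINED"
            else                               verdict = "OTHER"
            print verdict, domain, $2, $3
        }
    '
}

# Number of browser/plugin processes still running as unconfined_t.
count_unconfined() {
    classify_browser_domains | awk '$1 == "UNCONFINED" { c++ } END { print c + 0 }'
}

# Constructed sample listing (not captured from a real system).
sample_ps_output() {
    cat <<'EOF'
LABEL                                             PID COMMAND
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2101 firefox
unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 2140 npviewer.bin
unconfined_u:unconfined_r:sandbox_web_client_t:s0:c312,c844 2305 firefox
system_u:system_r:sshd_t:s0-s0:c0.c1023 1200 sshd
EOF
}
```

On a live system, feed it real data with `ps -eo label,pid,comm | classify_browser_domains`; `getsebool allow_unconfined_nsplugin_transition` shows whether the boolean is on.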

Comment 2 Need Real Name 2010-05-06 15:49:33 UTC
(In reply to comment #1)
> May seem sensible to you, but can you define what security goals the general
> population wants firefox to run under?

Well I think this sends a confusing message. Fedora is pushing selinux, and the SELinux FAQ says:

---
DAC is standard Linux security, and it provides no protection from broken software or malware running as a normal user or root. Users can grant risky levels of access to files they own.

[..]

A MAC system does not suffer from these problems.
---

But Mark Cox's blog says that Firefox is the most vulnerable app.

So on one hand selinux is being promoted as safe computing, and on the other hand firefox is running unconfined. Mixed messages! =)

Are the library hacks for firefox and its plugins still used?

Comment 3 Daniel Walsh 2010-05-06 19:23:33 UTC
I tend to agree, but if the latest HOUSE on hulu.com does not work because of SELinux, then SELinux gets disabled.  This is why we call it "targeted" policy.  We are slowly moving toward the point where we can control parts of firefox/chromium but we are not there yet.

