Red Hat Bugzilla – Bug 589579
firefox runs in an unconfined domain
Last modified: 2010-08-19 07:32:34 EDT
Description of problem:
Firefox is probably the primary method by which to gain control of a user's system, either via firefox, flash or nsplugin.
It seems sensible that firefox should not run in an unconfined domain.
May seem sensible to you, but can you define what security goals the general population wants firefox to run under? I think you will quickly realize it becomes unconfined_t or at least user_t.
If you want to look into running firefox in a confined environment you can try
sandbox -X -t sandbox_web_t -W metacity firefox
turn on allow_unconfined_nsplugin_transition boolean and it will confine you nsplugin plugins.
(In reply to comment #1)
> May seem sensible to you, but can you define what security goals the general
> population wants firefox to run under?
Well I think this sends a confusing message. Fedora is pushing selinux, and the SELinux FAQ says:
DAC is standard Linux security, and it provides no protection from broken software or malware running as a normal user or root. Users can grant risky levels of access to files they own.
A MAC system does not suffer from these problems.
But Mark Cox's blog says that Firefox is the most vulnerable app.
So on one hand selinux is being promoted as safe computing, and on the other hand firefox is running unconfined. Mixed messages! =)
Are the library hacks for firefox and its plugins still used?
I tend to agree, but if the latest HOUSE on hulu.com does not work because of SELinux, then SELinux gets disabled. This is why we call it "targeted" policy. We have slowly moving toward the point where we can control parts of firefox/chromium but we are not there yet.