Bug 589579 - firefox runs in an unconfined domain
firefox runs in an unconfined domain
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
12
All Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-05-06 09:23 EDT by Need Real Name
Modified: 2010-08-19 07:32 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-08-19 07:32:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2010-05-06 09:23:45 EDT
Description of problem:
Firefox is probably the primary method by which to gain control of a user's system, either via firefox, flash or nsplugin.

It seems sensible that firefox should not run in an unconfined domain.
Comment 1 Daniel Walsh 2010-05-06 10:01:26 EDT
May seem sensible to you, but can you define what security goals the general population wants firefox to run under?  I think you will quickly realize it becomes unconfined_t or at least user_t.

If you want to look into running firefox in a confined environment you can try 

sandbox -X -t sandbox_web_t -W metacity firefox

Or 

turn on allow_unconfined_nsplugin_transition boolean and it will confine you nsplugin plugins.
Comment 2 Need Real Name 2010-05-06 11:49:33 EDT
(In reply to comment #1)
> May seem sensible to you, but can you define what security goals the general
> population wants firefox to run under?

Well I think this sends a confusing message. Fedora is pushing selinux, and the SELinux FAQ says:

---
DAC is standard Linux security, and it provides no protection from broken software or malware running as a normal user or root. Users can grant risky levels of access to files they own.

[..]

A MAC system does not suffer from these problems.
---

But Mark Cox's blog says that Firefox is the most vulnerable app.

So on one hand selinux is being promoted as safe computing, and on the other hand firefox is running unconfined. Mixed messages! =)

Are the library hacks for firefox and its plugins still used?
Comment 3 Daniel Walsh 2010-05-06 15:23:33 EDT
I tend to agree, but if the latest HOUSE on hulu.com does not work because of SELinux, then SELinux gets disabled.  This is why we call it "targeted" policy.  We have slowly moving toward the point where we can control parts of firefox/chromium but we are not there yet.

Note You need to log in before you can comment on or make changes to this bug.