On Jan 23, 2015 7:47 AM, "Daniel J Walsh" <dwa...@redhat.com> wrote:
>
> On 01/23/2015 10:25 AM, poma wrote:
> > On 23.01.2015 15:12, Kevin Fenzi wrote:
> >> On Fri, 23 Jan 2015 12:44:23 +0100
> >> poma <pomidorabelis...@gmail.com> wrote:
> >>
> >>> On 23.01.2015 10:51, Martin Stransky wrote:
> >>>> Folk,
> >>>>
> >>>> There's a live 0-day flash vulnerability which is not fixed yet
> >>>> [1][2]. If you use flash plugin I recommend you to enable the
> >>>> click-to-play mode for it.
> >>> Are we covered with
> >>> $ rpm -q flash-plugin
> >>> flash-plugin-11.2.202.438-release.x86_64
> >>> ?
> >>>
> >>> Ref.
> >>> http://helpx.adobe.com/security.html
> >> No.
> >>
> >> http://helpx.adobe.com/security/products/flash-player/apsa15-01.html
> >>
> >> kevin
> >>
> > Thanks for reference.
> >
> > Until this is resolved, is this a valid way:
> > $ sandbox -X -T tmp -t sandbox_web_t firefox
> > to cover this security issue, or can we isolate only libflashplayer.so,
> > not the entire browser.
> >
> > Daniel, can you comment.
> >
> libflashplayer.so runs within the Mozilla-plugin I believe. If so it
> would be confined
> if you have not turned on the unconfined_mozilla_plugin_transition boolean.
>
> If this is the case we are somewhat protected, and of course you run
> with setenforce 1.
>
> sandbox -X will also add more protection.

Unless I'm mistaken, sandbox -X hasn't worked in almost a year.

--Andy

> --
> devel mailing list
> devel@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
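
The two conditions named in the quoted reply above (SELinux in enforcing mode, and the unconfined_mozilla_plugin_transition boolean left off) can be checked together. This is an added example, not part of the original thread; the function names and verdict strings are hypothetical, and it assumes the standard getenforce and getsebool utilities with their usual output format.

```shell
#!/bin/sh
# Added example; function names and verdict words are hypothetical.
BOOL=unconfined_mozilla_plugin_transition

# plugin_confinement MODE BOOL_LINE
#   MODE      output of `getenforce`  (Enforcing | Permissive | Disabled)
#   BOOL_LINE output of `getsebool $BOOL`  ("<name> --> on|off")
# Prints a one-word verdict; returns 0 only for "confined".
plugin_confinement() {
    mode=$1
    bool_line=$2
    # Policy is only enforced in Enforcing mode.
    case "$mode" in
        Enforcing) ;;
        Permissive|Disabled) echo "not-enforcing"; return 1 ;;
        *) echo "unknown-mode"; return 1 ;;
    esac
    # With the boolean on, the plugin process runs unconfined.
    case "$bool_line" in
        "$BOOL --> off") echo "confined"; return 0 ;;
        "$BOOL --> on")  echo "unconfined-transition"; return 1 ;;
        *) echo "unknown-boolean"; return 1 ;;
    esac
}

# Query the running system; returns 2 when the SELinux tools are absent.
check_live() {
    if ! command -v getenforce >/dev/null 2>&1 ||
       ! command -v getsebool >/dev/null 2>&1; then
        echo "selinux-tools-missing"
        return 2
    fi
    plugin_confinement "$(getenforce)" "$(getsebool "$BOOL" 2>/dev/null)"
}

echo "live system: $(check_live)"
```

A verdict of unknown-boolean means getsebool did not report that boolean on the system being checked.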