On Tue, Apr 10, 2012 at 4:29 PM, Paul Wouters <pwout...@redhat.com> wrote: > On Tue, 10 Apr 2012, drago01 wrote: > >>> Wouldn't it be better to package Mozilla plugins in Fedora so that they >>> are >>> trusted? >> >> >> rpm packages do not magically fix security issues. A vulnerability in >> a plugin can be exploited by an attacker regardless how the plugin got >> installed. (rpm or not). > > > That's not true. SElinux could be used to restrict what a certain plugin > could do when packages as rpm versus the SElinux properties of files in > a users home directory.
That's not true as well because plugins are libraries not binaries. You can confine the binary (like we did with nspluginwrapper in the past) regardless of where the plugin comes from. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
