[tomoyo-users-en 343] Re: Restriction of browser

Tetsuo Handa from-****@I-lov*****
Wed May 18 10:25:16 JST 2011


Peter Smith wrote:
> I am trying to increase system security by restricting Firefox with
> TOMOYO Linux 2.2. I have configured initialize_domain and keep_domain
> for Firefox and everything seems to work perfect.
> 
> Will my system be protected if some vulnerability is found in a system
> library ex. Pango and a website exploit this vulnerability when using
> Pango to render the text? I have configured read access for Firefox to
> the Pango .so files.

I think that depends on what the exploit attempts.

If the exploit attempted to start some other application (e.g. /bin/sh) by
overwriting the Firefox process image (i.e. by using execve() system call),
TOMOYO will reject such attempts since you are protecting the Firefox process
image using TOMOYO's enforcing mode.

If the exploit attempted to start some other application without overwriting
the Firefox process image (i.e. by using IPC mechanisms), TOMOYO will not be
able to protect your system unless you also protect that application using
TOMOYO's enforcing mode.

If possible, you should also protect the application that launches new
applications via IPC mechanisms. (And sorry for the inconvenience that TOMOYO 2.2
cannot restrict only the allow_execute permission, whereas TOMOYO 2.3 can.)
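An illustrative TOMOYO 2.2 policy fragment for the setup discussed in this thread, added here as an example and not taken from the original post: the Firefox and Pango paths are assumed placeholders that will differ per distribution, and the lines starting with `#` are annotations for the reader rather than policy syntax.

```text
# exception_policy.conf: give Firefox its own domain and keep every program
# it executes inside that domain (the initialize_domain / keep_domain setup
# Peter describes).
initialize_domain /usr/lib/firefox/firefox
keep_domain <kernel> /usr/lib/firefox/firefox

# domain_policy.conf: the Firefox domain, enforced with profile 3 (the
# enforcing profile in the stock profile.conf).
<kernel> /usr/lib/firefox/firefox
use_profile 3
# Read-only access to the shared libraries Firefox maps, Pango included.
allow_read /usr/lib/libpango-1.0.so.0
allow_read /usr/lib/libpangocairo-1.0.so.0
# The only programs this domain may execve(). /bin/sh is deliberately not
# listed, so an exploit in the Firefox process that calls execve("/bin/sh")
# is rejected and logged, which is the first case Tetsuo describes above.
allow_execute /usr/lib/firefox/firefox-bin
```

A request that reaches another, already running process over IPC never passes through this domain's allow_execute check, which is why the reply recommends confining that other program in enforcing mode as well.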
