Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: https MITM attack via user page
Special Forums Cybersecurity https MITM attack via user page Post 302527646 by GSO on Saturday 4th of June 2011 04:43:13 AM
Old 06-04-2011
I'm taking the opportunity to make a quick test post (experimenting with browsers - I am always without fail hacked on this page!) while bringing this log up to date. I've taken the problem over to a thread on the Fedora SELInux forum which can be found here:

mouse pointer stuck in browser sandbox window

I also moved from SL6 over to Fedora 15 to try a current browser version out (SL6 is still using FF 3.X releases). The same bugs result though.

In a nutshell, with an install that should not have (at least in theory) been breached by an attacker gaining direct access to the keyboard, hackers can still hack the browser (running in a SELInux sandbox) -- but they don't seem to be able to hack the webpages so the encrypted VPN connection seems to be holding out - it is hacks like locking the mouse in the sandbox window, and crashing flash, that are getting through (I am fairly well sure at this stage that these are hacks).
Last edited by GSO; 06-19-2011 at 09:31 AM..
 

5 More Discussions You Might Find Interesting

1. Web Development

HTTPS-Home Page issue.

Hi Folks, This might be a very question,but i have not been able to find the solution. While accessing http://16.138.32.128/ in my LAN, i am able to read the index.html placed in DocumentRoot(/var/www/html). However if i tab in https://xx.xx.xx.xx/ ,i am only able to access the default... (0 Replies)
Discussion started by: Hari_Ganesh
0 Replies

2. What is on Your Mind?

Fedora Man Pages Reported Attack Page?

Is firefox complaining to anyone else that this is a Reported Attack Page!? I have used this site a million times and now it feels like complaining. Fedora Manpages: Home (5 Replies)
Discussion started by: cokedude
5 Replies

3. Shell Programming and Scripting

help pulling ${VARS} out of a web page user curl

Here is the code I have so far #!/bin/bash INFOF="/tmp/mac.info" curl --silent http://www.everymac.com/systems/apple/macbook_pro/specs/macbook-pro-core-2-duo-2.8-aluminum-17-mid-2009-unibody-specs.html "$INFOF" I want help putting these specs into a vars Standard Ram: value into $VAR1... (1 Reply)
Discussion started by: briandanielz
1 Replies

4. UNIX for Dummies Questions & Answers

How to switch the user before executing a shell script from web page??

hi, i want to execute a shell script as a different user. the flow is like this. there is a html web page from which i have to call a shell script. web server is apache. to call the shell script from html page, a perl script is required. so the html page calls the perl script and the perl... (2 Replies)
Discussion started by: Little
2 Replies

5. Solaris

Need suggestion:- Failed HTTPS transfer to https://supportfiles.sun.com/curl

Hi Guys, I have recently started reciving below Error message Failed HTTPS transfer to https://supportfiles.sun.com/curl whenever I run /usr/local/bin/sudo /opt/SUNWexplo/bin/explorer -P -q -v from all Servers. Looks like the SSL certificate as Expired. Whenever I type... (4 Replies)
Discussion started by: manalisharmabe
4 Replies

LEARN ABOUT CENTOS

sandbox

SANDBOX(8)							   User Commands							SANDBOX(8)

NAME

       sandbox - Run cmd under an SELinux sandbox

SYNOPSIS

       sandbox	[-C] [-c] [-s] [ -d DPI ] [-l level ] [[-M | -X]  -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ]
       [[-i file ]...] [ -t type ] cmd

       sandbox [-C] [-c] [-s] [ -d DPI ] [-l level ] [[-M | -X]  -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize  ]
       [[-i file ]...] [ -t type ] -S

DESCRIPTION

       Run  the cmd application within a tightly confined SELinux domain.  The default sandbox domain only allows applications the ability to read
       and write stdin, stdout and any other file descriptors handed to it. It is not allowed to open any other files.	The -M option  will  mount
       an alternate homedir and tmpdir to be used by the sandbox.

       If  you	have  the  policycoreutils-sandbox package installed, you can use the -X option and the -M option.  sandbox -X allows you to run X
       applications within a sandbox.  These applications will start up their own X Server and create a temporary home directory  and  /tmp.   The
       default	SELinux  policy  does  not allow any capabilities or network access.  It also prevents all access to the users other processes and
       files.  Files specified on the command that are in the home directory or /tmp will be copied into the sandbox directories.

       If directories are specified with -H or -T the directory will have its context modified with chcon(1) unless a level is specified with  -l.
       If the MLS/MCS security level is specified, the user is responsible to set the correct labels.

       -h --help
	      display usage message

       -H --homedir
	      Use alternate homedir to mount over your home directory.	Defaults to temporary. Requires -X or -M.

       -i --include
	      Copy this file into the appropriate temporary sandbox directory. Command can be repeated.

       -I --includefile
	      Copy all files listed in inputfile into the appropriate temporary sandbox directories.

       -l --level
	      Specify the MLS/MCS Security Level to run the sandbox with.  Defaults to random.

       -M --mount
	      Create a Sandbox with temporary files for $HOME and /tmp.

       -s --shred
	      Shred temporary files created in $HOME and /tmp, before deleting.

       -t --type
	      Use alternate sandbox type, defaults to sandbox_t or sandbox_x_t for -X.

	      Examples:
	      sandbox_t -    No X, No Network Access, No Open, read/write on passed in file descriptors.
	      sandbox_min_t  -	  No Network Access
	      sandbox_x_t    -	  Printer Ports
	      sandbox_web_t  -	  Ports required for web browsing
	      sandbox_net_t  -	  All network ports

       -T --tmpdir
	      Use alternate temporary directory to mount on /tmp.  Defaults to tmpfs. Requires -X or -M.

       -S --session
	      Run a full desktop session, Requires level, and home and tmpdir.

       -w --windowsize

	      Specifies the windowsize when creating an X based Sandbox. The default windowsize is 1000x700.

       -W --windowmanager
	      Select alternative window manager to run within sandbox -X.  Default to /usr/bin/matchbox-window-manager.

       -X     Create an X based Sandbox for gui apps, temporary files for $HOME and /tmp, secondary Xserver, defaults to sandbox_x_t

       -d --dpi
	      Set the DPI value for the sandbox X Server. Defaults to the current X Sever DPI.

       -c --cgroups
	      Use  control  groups  to control this copy of sandbox.  Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage
	      are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc.

       -C --capabilities Use capabilities within the
	      sandbox. By default applications executed within the sandbox will not be allowed to use capabilities  (setuid  apps),  with  the	-C
	      flag, you can use programs requiring capabilities.

SEE ALSO

       runcon(1), seunshare(8), selinux(8)

AUTHOR

       This manual page was written by Dan Walsh <dwalsh@redhat.com> and Thomas Liu <tliu@fedoraproject.org>

sandbox 							     May 2010								SANDBOX(8)
All times are GMT -4. The time now is 12:01 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy