
Running your browser in Red Hat's SELinux sandbox [1] [2] limits the ports you can connect to and thus limits this type of attack to those ports (80, 81, 443, 488, 8008, 8009, 8443, and 9000 in the default configuration).

[1] http://danwalsh.livejournal.com/31146.html

[2] http://www.bress.net/blog/archives/195-Firefox-in-a-sandbox-...



This is the only advice in this thread that actually solves the issue.

Doesn't have to be SELinux, any of the frameworks will do. Or run it in a new network namespace.


Sort of. It solves this specific attack.

If you were attacking a local webapp interface instead of a non-HTTP daemon like Redis, you would need your browser to be able to access the web service. At that point, this kind of attack would still allow an attacker to also access that web service.



