Hi,

On Fri, 2015-09-11 at 11:29 -0400, Daniel J Walsh wrote:
> Sandboxing apps is about protecting your desktop from the app, not
> protecting your app from unsandboxed apps on your desktop.
>
> If we had a sandboxed firefox when a firefox vulnerability happens,
> then my ~/.ssh content is much less at risk. Similarly my financial
> data and other financial data is not at risk.
>
> If we could sandbox the largest GUI Apps like firefox,
> evince/acroread, Libreoffice, games this would be a big step forward
> in securing the desktop, even if some users continue to download apps
> from hackme.com.

Yeah, that's a big flaw in my argument: sandboxed apps are still useful because they provide benign apps better protection from malicious input, to complement SELinux.

> Yes, although most people have not, or only a few packages.
> Sandboxing apps is about protecting you from bugs in trusted apps,
> not about preventing untrusted apps that you install bypassing
> security.

That's actually what we were hoping to use the sandbox for: to protect the user from malicious apps.

Michael