On 10/13/06, Andy Green <andy@xxxxxxxxxxx> wrote: [snip]
> Shouldn't this cause a terrified reassessment of having Firefox in the distro at all, given its unique position running as the user (under whose credentials, typically, the entire value of the box resides), making connections to random addresses and running poorly understood local code according to what it finds there?
Before I reinvent the wheel, can someone tell me if something like this is being done:

For most user applications it would be possible to SELinux sandbox them very tightly (nothing more than file access to a few specific files/directories, no sockets to the local box except for printing, etc.) were it not for one issue: File save / File load.

As a result, it would really make sense to convert the file save/load into a separate process which can read/write anywhere the user has access and then communicate to the hosting app via stdin/out or other lightweight IPC. The file box app could be carefully audited so that we could be confident that it would only read and write things with the user's consent.

Most user apps could be tightly confined with only this one little tool: gimp, gaim, xchat, etc. Is anyone already working on something like that?

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
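The split the post proposes, as an added example (not code from the post or from Fedora): a broker that owns filesystem access and hands the confined app an already-open descriptor over a Unix socket with SCM_RIGHTS, so the app's own policy can deny file access outright. The consent set stands in for what the user picked in the file dialog, threads stand in for the two processes, and Python 3.9+ on a Unix platform is assumed.

```python
import os
import socket
import tempfile
import threading

# Constructed example of the "file box" pattern. Only the broker touches the
# filesystem; the confined app asks for a path and receives just a descriptor.

def broker_serve_once(sock, consented_paths):
    """Broker side: handle one request of the form b'open <path>'."""
    req = sock.recv(4096).decode()
    verb, _, path = req.partition(" ")
    # Consent check: only paths the user actually chose (simulated here) are opened.
    if verb != "open" or os.path.realpath(path) not in consented_paths:
        sock.sendall(b"denied")
        return False
    fd = os.open(path, os.O_RDONLY | os.O_CLOEXEC)   # opened with the user's rights
    try:
        socket.send_fds(sock, [b"ok"], [fd])         # SCM_RIGHTS: pass the fd itself
    finally:
        os.close(fd)   # the in-flight copy stays valid for the receiver
    return True

def confined_request(sock, path):
    """Confined app side: ask for a file; return its bytes, or None if denied."""
    sock.sendall(f"open {path}".encode())
    msg, fds, _flags, _addr = socket.recv_fds(sock, 64, 1)
    if msg != b"ok" or not fds:
        return None
    with os.fdopen(fds[0], "rb") as f:
        return f.read()

def demo(path, consented_paths):
    """Run broker and app on a socketpair; threads stand in for two processes."""
    app_end, broker_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    t = threading.Thread(target=broker_serve_once, args=(broker_end, consented_paths))
    t.start()
    try:
        return confined_request(app_end, path)
    finally:
        t.join()
        app_end.close()
        broker_end.close()

def make_sample_file():
    """Create a constructed document to request; returns its real path."""
    with tempfile.NamedTemporaryFile("wb", suffix=".txt", delete=False) as f:
        f.write(b"constructed sample document\n")
    return os.path.realpath(f.name)
```

Because the app only ever receives a descriptor, its SELinux policy needs no file read/write permissions at all; everything it can reach is exactly what the broker handed it.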