Re: Is Firefox a Good Thing?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/13/06, Gregory Maxwell <gmaxwell@xxxxxxxxx> wrote:
On 10/13/06, Andy Green <andy@xxxxxxxxxxx> wrote:
[snip]
> Shouldn't this cause a terrified reassessment of having Firefox in the
> distro at all, given its unique position running as the user (under
> whose credentials, typically, the entire value of the box resides),
> making connections to random addresses and running poorly understood
> local code according to what it finds there?

Before I reinvent the wheel, can someone tell me if something like
this is being done:

For most user applications it would be possible to SELinux sandbox
them very tightly (nothing more than file access to a few specific
files/directories, no sockets to the local box except for printing,
etc) were it not for one issue: File save / File load.

As a result It would really make sense to convert the file save load
into a separate process which can read/write anywhere the user has
access and then communicate to the hosting app via stdin/out or other
lightweight IPC.   The file box app could be carefully audited so that
we could be confident that it would only read and write things with
the users consent.

Most user apps could be tightly confined with only this one little
tool.. gimp, gaim, xchat, etc.

Is anyone already working on something like that?


You mean Firefox isn't under SELinux policies in strict mode?

--
Fedora Core 5 and proud

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux