On Mon, Mar 28, 2005 at 11:04:26AM -0500, Stephen Smalley wrote:
> I'm not sure I understand your intent. There are two scenarios:
> 1) mplayer directly launched by firefox. As the attacker already has
[...]
> 2) mplayer launched by something other than firefox, e.g. user shell,
[...]
> user of the downloaded file. Naturally, what you really want there is a
> trusted path mechanism.

Hmm. I think you are right. I did forget about programs launching other
programs.

On the other hand, doesn't that give us another option within SELinux?
Can't we make mplayer-launched-by-firefox run in a different domain than
mplayer-run-by-user? In that domain, it would have access to the
downloaded files, but not to the remainder of the user data.

-- 
http://web.lemuria.org/pubkey.html
pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@xxxxxxxxxxx>
Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5
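
The separate-domain idea raised in this message, sketched as an SELinux policy module (an added example, not part of the original message or of any shipped policy). The names firefox_t, mplayer_exec_t, user_home_t and user_r are assumed to exist in the loaded policy; firefox_mplayer_t and firefox_download_t are hypothetical types introduced here. Only the transition and data-access rules are shown; a working player domain would also need rules for libraries and audio/video devices.

```selinux
module firefox_mplayer 1.0;

require {
	type firefox_t;        # assumed: domain the browser runs in
	type mplayer_exec_t;   # assumed: label on the mplayer binary
	type user_home_t;      # assumed: label on ordinary user data
	attribute domain;
	role user_r;           # assumed: role of the logged-in user
	class process { transition sigchld };
	class file { read write getattr open execute entrypoint };
	class dir { search getattr };
	class fd use;
}

# Hypothetical types for this example.
type firefox_mplayer_t;    # mplayer when it was started by the browser
type firefox_download_t;   # files the browser saved to disk
typeattribute firefox_mplayer_t domain;
role user_r types firefox_mplayer_t;

# The browser may execute the player binary, but only by transitioning:
# there is no execute_no_trans, so mplayer never runs inside firefox_t.
allow firefox_t mplayer_exec_t:file { read getattr open execute };
allow firefox_t firefox_mplayer_t:process transition;
allow firefox_mplayer_t mplayer_exec_t:file { read getattr open execute entrypoint };

# Default domain for "firefox_t executes mplayer_exec_t". A user shell
# executing the same binary is matched by its own rule and ends up in
# whatever domain the rest of the policy assigns to mplayer-run-by-user.
type_transition firefox_t mplayer_exec_t:process firefox_mplayer_t;

# The child inherits descriptors and can signal its exit to the browser.
allow firefox_mplayer_t firefox_t:fd use;
allow firefox_mplayer_t firefox_t:process sigchld;

# Read-only access to downloaded files.
allow firefox_mplayer_t firefox_download_t:dir { search getattr };
allow firefox_mplayer_t firefox_download_t:file { read getattr open };

# No allow rule names user_home_t, so the remainder of the user data is
# denied by default. The neverallow makes a later policy change that
# grants such access fail at build time.
neverallow firefox_mplayer_t user_home_t:file { read write };
```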