On Sun, May 10, 2015 12:57 pm, David Woodhouse wrote:
On Sun, 2015-05-10 at 12:47 -0700, Ryan Sleevi wrote:
If the user requests NSS to load a module. It should load that module.
And that module only. Period.
The canonical per-user way to request an application to load a module is
On Sat, May 9, 2015 3:30 pm, David Woodhouse wrote:
On Fri, 2015-05-08 at 15:07 -0700, Ryan Sleevi wrote:
Yes, it should. You'll introduce your users to a host of security issues
if you ignore them (especially for situations like Chrome). For example,
if you did what you propose to do,
On Sat, May 9, 2015 3:30 pm, David Woodhouse wrote:
No, you should be able to do it w/o patching NSS.
OK... how?
If the Shared System Database wasn't such an utter failure, not even
being used by Firefox itself, then just installing it there would have
been a nice idea. But *nothing*
On Sun, 2015-05-10 at 12:07 -0700, Ryan Sleevi wrote:
On Sat, May 9, 2015 3:30 pm, David Woodhouse wrote:
On Fri, 2015-05-08 at 15:07 -0700, Ryan Sleevi wrote:
Yes, it should. You'll introduce your users to a host of security issues
if you ignore them (especially for situations like
On Sun, May 10, 2015 12:31 pm, David Woodhouse wrote:
You don't need to expose it to the sandbox to use PKCS#11 in the web
browser. That's not how modern sandboxed browsers work.
That sounds like a bit of a failure of the sandboxing to me. Just so I
understand what you're saying...
On Sun, 2015-05-10 at 12:11 -0700, Ryan Sleevi wrote:
On Sat, May 9, 2015 3:30 pm, David Woodhouse wrote:
No, you should be able to do it w/o patching NSS.
OK... how?
If the Shared System Database wasn't such an utter failure, not even
being used by Firefox itself, then just
On Sun, 2015-05-10 at 12:47 -0700, Ryan Sleevi wrote:
If the user requests NSS to load a module. It should load that module.
And that module only. Period.
The canonical per-user way to request an application to load a module is
for me to create a file in ~/.config/pkcs11/modules/*.module which
7 matches
Mail list logo