Note that libgrowl must at some point reach out to the system, either via an IPC to some process that can display notifications or to display the notifications itself, and both of those ought to be prevented by the sandobx.
On Thu, Jun 18, 2009 at 2:33 PM, John Gregg<[email protected]> wrote: > Yes, on Linux the plan is the use the libnotify library, which is a DBus > service. > > Thanks for all the responses; it's clear this needs to be thought of more > like a system call than an untrusted library, and the better plan is to > check inputs including icon data in the renderer as much as possible, than > pass that to the browser to invoke the library. > > Thanks, > -John > > On Thu, Jun 18, 2009 at 2:24 PM, Adam Langley <[email protected]> wrote: >> >> On Thu, Jun 18, 2009 at 1:58 PM, John Gregg<[email protected]> wrote: >> > B. renderer gets notification(iconURL, text) call => hop to browser to >> > download icon => pass back icon data to renderer => call Growl from >> > renderer >> >> Obviously on Linux we'll be using some DBus service for the >> notification rather than Growl, but this design (calling the service >> from the renderer) will /not/ work on Linux. >> >> >> >> AGL > > > > > --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: [email protected] View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---
