Sandboxie requires one or more drivers; we don't want to get into that kind of intrusive OS modification. However, I welcome any concrete idea that does not involve drivers or system-level services.
-cpu

On Tue, Sep 23, 2008 at 9:05 PM, david [b] rosen <[EMAIL PROTECTED]> wrote:
>
> Sandboxing the browser tabs themselves is a big improvement over
> firefox/ie, but I feel that it isn't enough. Any files downloaded
> should remain jailed in a sandbox specific to the domain of its
> origin, until and unless the user explicitly moves any of them out of
> the sandbox. I'm envisioning this being similar to one of the
> third-party sandbox programs like Sandboxie, but instead of everything
> going into one (or one of a few) explicitly-defined sandbox(es), a
> separate sandbox should be created automatically for each domain as
> needed.
>
> Of course we need a way to open such documents within the sandbox,
> meaning that the application that opens it should be a separate
> instance that is tainted to be able to write only within the sandbox.
> I think some of the sandbox utilities do this, and Vista does
> something similar by effectively separating domains by their
> "integrity level," but it does not separate them by domain, so there's
> nothing to stop malware from one site from modifying the data that you
> send to another site of the same integrity level.
>
> I know this is getting more towards the operating system level, but
> what do you think?
>
> david rosen
