Before getting into "sandboxing" files, Chromes needs to a facelift on the existing expected functionality, unreasonable restrictions and real bugs related to file associations which will be white listed by the user by virtue of having installed file handlers.
All is needed a permissiom based system, but that should not restrict the useful functionality that exist in browsers. -- Carlos Pizano wrote: > Sandboxie requires one or more drivers, we don't want to get into that > kind of intrusive OS modification. However, I welcome any concrete > idea that does not involve drivers or system level services. > > -cpu > > On Tue, Sep 23, 2008 at 9:05 PM, david [b] rosen <[EMAIL PROTECTED]> wrote: > > > > Sandboxing the browser tabs themselves is a big improvement over > > firefox/ie, but I feel that it isn't enough. Any files downloaded > > should remain jailed in a sandbox specific to the domain of its > > origin, until and unless the user explicitly moves any of them out of > > the sandbox. I'm envisioning this being similar to one of the third- > > party sandbox programs like Sandboxie, but instead of everything going > > into one (or one of a few) explicitly-defined sandbox(es), a separate > > sandbox should be created automatically for each domain as needed. > > > > Of course we need a way to open such documents within the sandbox, > > meaning that the application that opens it should be a separate > > instance that is tainted to be able to write only within the sandbox. > > I think some of the sandbox utilities do this, and Vista does > > something similar by effectively separating domains by their > > "integrity level," but it does not separate them by domain, so there's > > nothing to stop malware from one site from modifying the data that you > > send to another site of the same integrity level. > > > > I know this is getting more towards the operating system level, but > > what do you think? > > > > david rosen > > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/chromium-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
