I like the idea of optionally opening downloaded files only in web apps (Sean Bell). Or if they choose to download it we could optionally set the file extension to a custom value (for a given mime type) such as .untrusted-doc and .untrusted-exe, then we could associate those file extensions with safer (e.g. a sanitizer-viewer) or sandboxed or web apps.
Of course we might also want to know the domain or site of origin of such a file, which could be labeled in the Alternate Data Stream (Den Molib) or similar. Or maybe a more platform-independent solution could be to make the domain part of the filename like "somedocument. $diceydomain.com$.untrusted-doc".

On Sep 28, 3:21 am, "Sean Bell" <[EMAIL PROTECTED]> wrote:
> A FANTASTIC way of providing sandboxing for common filetypes and to promote
> what GOOGLE CHROME is all about would be to offer the option to open all
> files in WEB APPS.
> Provide a set of drop down configs in the configuration menu that allow
> for 2 sets of associations with the files - the standard associations which
> go to WINDOWS, and then the sandboxed associations which open the DLed files
> in WEB APPS of your choice.
>
> The web apps remain in the sandbox and have not only much greater isolation
> from the system, but also showcase the seamless desktop/web interface speed
> which V8 and chrome provide.
>
> The Google Toolbar in FF/IE offers the option of opening word/excel/etc.
> files in Google Documents - similar apps should be able to handle ZIP files
> and just about anything else!
>
> Of course there would have to be some good interfaces to the web apps to
> "shadow copy" the downloaded files and have the remote server download them
> as well... Is there an area in the Chrome WIKI that we can do some
> documentation and planning on something like this?
>
> On Sat, Sep 27, 2008 at 9:26 PM, david [b] rosen <[EMAIL PROTECTED]> wrote:
>
> > Point taken. What about providing a way for a third party sandbox to
> > allow itself to be invoked by chrome with specified domain and in turn
> > it would run the tab process? Chrome wouldn't get involved in
> > system-level stuff but that way it would be possible to get that level of
> > sandboxing by using chrome in combination with such a product. I
> > realize this isn't very concrete (yet) but I'm just wondering what you
> > think...
> >
> > -david
> >
> > On Sep 26, 10:23 pm, "Carlos Pizano" <[EMAIL PROTECTED]> wrote:
> > > Sandboxie requires one or more drivers, we don't want to get into that
> > > kind of intrusive OS modification. However, I welcome any concrete
> > > idea that does not involve drivers or system level services.
> > >
> > > -cpu
> > >
> > > On Tue, Sep 23, 2008 at 9:05 PM, david [b] rosen <[EMAIL PROTECTED]> wrote:
> > >
> > > > Sandboxing the browser tabs themselves is a big improvement over
> > > > firefox/ie, but I feel that it isn't enough. Any files downloaded
> > > > should remain jailed in a sandbox specific to the domain of its
> > > > origin, until and unless the user explicitly moves any of them out of
> > > > the sandbox. I'm envisioning this being similar to one of the
> > > > third-party sandbox programs like Sandboxie, but instead of everything going
> > > > into one (or one of a few) explicitly-defined sandbox(es), a separate
> > > > sandbox should be created automatically for each domain as needed.
> > > >
> > > > Of course we need a way to open such documents within the sandbox,
> > > > meaning that the application that opens it should be a separate
> > > > instance that is tainted to be able to write only within the sandbox.
> > > > I think some of the sandbox utilities do this, and Vista does
> > > > something similar by effectively separating domains by their
> > > > "integrity level," but it does not separate them by domain, so there's
> > > > nothing to stop malware from one site from modifying the data that you
> > > > send to another site of the same integrity level.
> > > >
> > > > I know this is getting more towards the operating system level, but
> > > > what do you think?
> > > >
> > > > david rosen

--
You received this message because you are subscribed to the Google Groups "Chromium-discuss" group.
For more options, visit this group at http://groups.google.com/group/chromium-discuss?hl=en
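
One way to implement the filename-labelling idea from the top message, as an added example (not code from the thread or from Chromium). It assumes the layout `<stem>.$<host>$.<untrusted-ext>`; the MIME table, the `untrusted-bin` fallback and the function names are hypothetical. The point it demonstrates is that the server-supplied name and the origin host are both untrusted, so `$` has to be reserved for the label and the host validated before it is embedded.

```python
import re

# Assumed MIME-to-extension table; only the two extension names come from the thread.
UNTRUSTED_EXT = {
    "application/msword": "untrusted-doc",
    "application/pdf": "untrusted-doc",
    "application/x-msdownload": "untrusted-exe",
}
# Plain lower-case DNS name: dot-separated LDH labels, nothing else.
_HOST = re.compile(r"([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}")
_LABELLED = re.compile(r"(?P<stem>.+)\.\$(?P<host>[^$]+)\$\.(?P<ext>untrusted-[a-z]+)")


def label_download(server_name, origin_host, mime_type):
    """Return '<stem>.$<host>$.<untrusted-ext>' built from untrusted inputs."""
    # Normalise the host (IDN to punycode, lower case); bad labels raise ValueError.
    host = origin_host.strip().rstrip(".").encode("idna").decode("ascii").lower()
    if len(host) > 253 or not _HOST.fullmatch(host):
        raise ValueError("origin host is not a plain DNS name")
    # Keep only the last path component and drop the server-chosen extension,
    # so the handler is selected by the untrusted-* extension alone.
    base = re.split(r"[\\/]", server_name)[-1]
    stem = base.rsplit(".", 1)[0] if "." in base else base
    # '$' delimits the origin label, so it may never survive in the stem;
    # otherwise a server could ship a name that already carries a forged label.
    stem = re.sub(r"[^\w .()-]", "_", stem).strip(" .") or "download"
    ext = UNTRUSTED_EXT.get(mime_type.lower(), "untrusted-bin")
    return f"{stem}.${host}$.{ext}"


def read_label(filename):
    """Return (host, ext) for a labelled file, or None if the label is absent or malformed."""
    m = _LABELLED.fullmatch(filename)
    if not m or not _HOST.fullmatch(m["host"]):
        return None
    return m["host"], m["ext"]


if __name__ == "__main__":
    # Constructed sample inputs, including a name that tries to smuggle its own label.
    for name in ("report.doc", "..\\..\\evil.$good.com$.doc"):
        labelled = label_download(name, "DiceyDomain.com", "application/msword")
        print(labelled, read_label(labelled))
```

A label carried in the filename is lost as soon as the user renames the file, so a handler should treat a missing or malformed label (`read_label` returning `None`) as unknown origin rather than as trusted.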
