Is anyone else nervous trusting all his programs to have access to all his files? Is there already a reasonable solution to this problem?
It makes me nervous for, say, Firefox and its plugins to be able to read and write every file I own, whether it's gnucash, ~/.ssh, or other sensitive files. Programs could be set up to run under their own uids, but this is cumbersome, especially in a desktop environment.

One possibility would be to "filewall" off a program--say, Firefox--so that of all my uid's files Firefox is only able to read or write ~/.mozilla. If we had app signatures like it seems OS X does, then maybe a "filewall" MAC module could use extended attributes to grant access to files based on the app's signature. Permission could be granted to the application to access other files through a special file picker, so the user is always in control.

Thoughts?

Matt
_______________________________________________
freebsd-security mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
