On Mon, Jul 28, 2008 at 12:28:38PM -0700, Matt Reimer wrote:
> My idea was to basically have a secure file picker that grants the app
> (e.g. Firefox) access to the file, in a way that would be transparent
> to the user. For example, when Firefox wants to save a PDF it displays
> the file picker as usual and the file is saved. Underneath what's
> happening is that Firefox talks to the trusted system filepicker via a
> socket, and depending on the user's input it grants access to the
> file, whether temporarily or permanently.
>
> If Firefox is using the standard GTK file picker, then only GTK would
> need to be changed.
Well, you have snipped the part of my message that deals with this:

The mere idea of "trusted" system components is faulty. There is nothing
on a standard PC that you can trust, when it comes down to it. Not even
the hardware. Remember, if you can install a new application, a malware
author can do the same. It only takes one hole in such a "trusted"
service, and all of your machine is 0wned.

There is a very long history of such disasters on Windows, where it is
quite common to split software in two parts: one that runs with
privilege in the background as a service (you could say a daemon on
Unix) and one that runs as the user and displays the GUI. Many
anti-virus products work this way. There have been just too many cases
when this design just blew up and led to a system compromise instead of
just e.g. deleting all the jpgs of the user.

Security is a complex matter...

--
Regards:

Szilveszter ADAM
Budapest
Hungary
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
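[Editor's note, not part of either message above.] The design Matt sketches and the failure mode Szilveszter describes are both easiest to see in code. The example below is an added illustration, not code from Matt, Szilveszter, GTK or FreeBSD: a minimal "file broker" that plays the role of the trusted file picker. The unprivileged client never opens files itself; it sends a file name over a Unix-domain socket, and the broker applies its own policy, opens the file and hands back only a descriptor (SCM_RIGHTS). The point Szilveszter makes is the request_is_acceptable() function: every byte the broker reads from the socket is attacker-controlled, and one missing check there (a "/" in the name, a symlink, a dotfile) is the "one hole" that turns the broker into a way to read any file the service can. The directory /tmp, the policy, the 'F'/'D' reply bytes and all function names are assumptions made for this example; the sample file is constructed by the code itself.

```c
/* Added example: privilege-separated file broker passing descriptors over
 * a Unix socket. Assumed for illustration: files are only granted from
 * ALLOWED_DIR, read-only, by plain basename. Not code from the thread. */
#define _DEFAULT_SOURCE     /* glibc: expose O_NOFOLLOW etc. under -std=c11 */
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <ctype.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

static const char *ALLOWED_DIR = "/tmp";   /* assumed policy root */

/* Policy check on attacker-controlled input. Every bypass of this check
 * is a hole in the "trusted" service: accept only a short, plain basename
 * (no "/", no leading "." so no "..", no control characters). */
int request_is_acceptable(const char *name) {
    size_t n = strlen(name);
    if (n == 0 || n > 64 || name[0] == '.') return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-')) return 0;
    }
    return 1;
}

/* Send one descriptor with a 1-byte 'F' (file) payload. */
static int send_fd(int sock, int fd) {
    struct msghdr msg; struct iovec iov; char byte = 'F';
    char cbuf[CMSG_SPACE(sizeof(int))];
    memset(&msg, 0, sizeof msg); memset(cbuf, 0, sizeof cbuf);
    iov.iov_base = &byte; iov.iov_len = 1;
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = cbuf; msg.msg_controllen = sizeof cbuf;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET; cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive a descriptor; -1 if the broker replied 'D' (deny) or went away. */
static int recv_fd(int sock) {
    struct msghdr msg; struct iovec iov; char byte = 0; int fd;
    char cbuf[CMSG_SPACE(sizeof(int))];
    memset(&msg, 0, sizeof msg);
    iov.iov_base = &byte; iov.iov_len = 1;
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = cbuf; msg.msg_controllen = sizeof cbuf;
    if (recvmsg(sock, &msg, 0) != 1 || byte != 'F') return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (cm == NULL || cm->cmsg_level != SOL_SOCKET ||
        cm->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}

/* Broker side: read one request, apply policy, open with tight flags
 * (relative to the policy directory, never following symlinks), reply. */
static void broker_serve_one(int sock) {
    char req[256], deny = 'D';
    ssize_t n = read(sock, req, sizeof req - 1);
    if (n <= 0) return;
    req[n] = '\0';
    int dirfd = request_is_acceptable(req) ? open(ALLOWED_DIR, O_RDONLY) : -1;
    int fd = dirfd < 0 ? -1 : openat(dirfd, req, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (dirfd >= 0) close(dirfd);
    if (fd < 0) { (void)write(sock, &deny, 1); return; }
    send_fd(sock, fd);
    close(fd);
}

/* Client side: fork a broker over a socketpair, ask for `name`,
 * return the granted read-only descriptor or -1. */
int request_file_via_broker(const char *name) {
    int sv[2];
    if (name == NULL || name[0] == '\0') return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) { close(sv[0]); broker_serve_one(sv[1]); _exit(0); }
    close(sv[1]);
    if (write(sv[0], name, strlen(name)) < 0) { close(sv[0]); return -1; }
    int fd = recv_fd(sv[0]);
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return fd;
}

/* Demo helpers: create a constructed sample file under ALLOWED_DIR, and
 * read a file back through the broker into buf (returns bytes read or -1). */
int create_sample_file(const char *name, const char *content) {
    char path[512];
    snprintf(path, sizeof path, "%s/%s", ALLOWED_DIR, name);
    FILE *f = fopen(path, "w");
    if (f == NULL) return -1;
    fputs(content, f);
    return fclose(f) == 0 ? 0 : -1;
}

int read_via_broker(const char *name, char *buf, size_t bufsize) {
    int fd = request_file_via_broker(name);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, bufsize - 1);
    close(fd);
    if (n < 0) return -1;
    buf[n] = '\0';
    return (int)n;
}

int main(void) {
    char buf[64];
    create_sample_file("broker_demo.txt", "hello broker");
    printf("granted: %d bytes\n", read_via_broker("broker_demo.txt", buf, sizeof buf));
    printf("traversal denied: %d\n", request_file_via_broker("../etc/passwd"));
    return 0;
}
```

The broker refuses absolute paths, ".." and anything with a "/" before it even touches the filesystem, and O_NOFOLLOW means a symlink planted in the policy directory cannot redirect it elsewhere; removing any one of those checks is exactly the class of bug that has turned privileged helper services into full compromises.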
