On Jul 28, 2008, at 12:28 PM, Matt Reimer wrote:
My idea was to basically have a secure file picker that grants the app (e.g. Firefox) access to the file, in a way that would be transparent to the user. For example, when Firefox wants to save a PDF it displays the file picker as usual and the file is saved. Underneath what's happening is that Firefox talks to the trusted system filepicker via a socket, and depending on the user's input it grants access to the file, whether temporarily or permanently.
How can the trusted system filepicker know that it is receiving messages from the true Firefox filepicker, and in response to true user gestures? (Basically, it can't.) Microsoft had to deal with this problem; see e.g. http://en.wikipedia.org/wiki/User_Account_Control.
_______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
