On Friday 28 October 2005 03:34 pm, Bas Wijnen wrote: > If the system is well designed, then there is no problem. First of all, it > doesn't sound like a good idea to need a plugin just to set your > preferences. But even if it is, you don't need to give it permission to > write to your *entire* configuration. If mozilla is well designed (where > well-designed means "using the capability system effectively", which of > course it doesn't), it can allow the plugin to write some configuration > once, but not allow it to install a proxy.
For example, look at this extension: http://www.roundtwo.com/product/switchproxy Whether you like it or not, this kind of extensions are very useful for some people, so they will use. "Do not use such a silly plugin" is not an appropriate answer for this, since the purpose of a good secure framework is to allow people to use untrusted code such as this with no or little risk. I meant here that 100% (or maybe 99.99%) security is simply impossible without sacrificing convenience or freedom. This is because people may not clearly draw a border line between what they want and what they don't want. So, decisions must be always based on a balanced view. Otherwise, conclusions would be far away from the reality. Okuji _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
