On 09/28/2015 12:56 PM, Oliver Grawert wrote: > well, we store at least a plaintext password in the syncevolution > settings which the article i linked to complains about ... > > and you cant really make sure that an app doesnt do the same in its > applicatiopn config dir, we simply dont control that. > so having the browser ignore or deny the file:// protocol would be a quick > way to prevent that (and i must say i personally dont really see a need to > support file:/// on a phone) > Again intercepting the file:// protocol on the ui is a band aid and does not fix the problem, if the file system is still available to any exploit. The only solution is correct confinement and using content hub style access and delegation of access.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1393515 Title: browser allows browsing the phone filesystem To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/webbrowser-app/+bug/1393515/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
