Date: Tue, 29 Jul 2008 07:12:41 +0200
From: Szilveszter Adam <sziszi@bsd.hu>
To: freebsd-security@freebsd.org
Subject: Re: A new kind of security needed
Message-ID: <20080729051241.GA1995@baranyfelhocske.buza.adamsfamily.xx>
In-Reply-To: <f383264b0807281228t7a20861do2f0c150cb5eb67f3@mail.gmail.com>
References: <60254.1216921273@critter.freebsd.dk> <4888C882.30707@elischer.org> <200807242320.m6ONKPgW007279@apollo.backplane.com> <51095.192.168.1.10.1216955905.squirrel@192.168.1.100> <20080725045654.GA1572@baranyfelhocske.buza.adamsfamily.xx> <f383264b0807281228t7a20861do2f0c150cb5eb67f3@mail.gmail.com>
On Mon, Jul 28, 2008 at 12:28:38PM -0700, Matt Reimer wrote:
> My idea was to basically have a secure file picker that grants the app
> (e.g. Firefox) access to the file, in a way that would be transparent
> to the user. For example, when Firefox wants to save a PDF it displays
> the file picker as usual and the file is saved. Underneath what's
> happening is that Firefox talks to the trusted system filepicker via a
> socket, and depending on the user's input it grants access to the
> file, whether temporarily or permanently.
>
> If Firefox is using the standard GTK file picker, then only GTK would
> need to be changed.

Well, you have snipped the part of my message that deals with this: The mere idea of "trusted" system components is faulty. There is nothing on a standard PC that you can trust, when it comes down to it. Not even the hardware. Remember, if you can install a new application, a malware author can do the same. It only takes one hole in such a "trusted" service, and all of your machine is 0wned.

There is a very long history of such disasters on Windows, where it is quite common to split software in two parts: one that runs with privilege in the background as a service (you could say a daemon on Unix) and one that runs as the user and displays the GUI. Many anti-virus products work this way. There have been just too many cases when this design just blew up and led to a system compromise instead of just e.g. deleting all the jpg-s of the user.

Security is a complex matter...

--
Regards:

Szilveszter ADAM
Budapest
Hungary
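The file-picker design quoted above, as an added example that is not code from this thread, from FreeBSD or from GTK: a small broker standing in for the "trusted system filepicker" that, after a simulated user decision, hands the application an open file descriptor over a Unix socket (SCM_RIGHTS) rather than a path, so the application side needs no filesystem access of its own. The broker/app function names, the temporary directory, the approval callback and the use of fd passing are all assumptions of this example.

```python
import os
import socket
import tempfile
import threading
# Constructed demo (not code from the thread): a minimal broker standing in for the
# "trusted system filepicker". It owns filesystem access; the app only receives a
# descriptor for the file the user approved, sent over the socket with SCM_RIGHTS.
ALLOWED_DIR = tempfile.mkdtemp(prefix="picker-demo-")  # stands in for ~/Downloads

def broker_handle(broker_sock, user_approves):
    """Trusted side: take a request, consult the user, hand over an fd or refuse."""
    name = broker_sock.recv(256).decode("utf-8", "replace")
    # Validation lives on the privileged side only: a bare name, no separators, no
    # '.'/'..'. A bug here is the "one hole" the reply warns about, so keep it strict.
    if not name or "/" in name or "\0" in name or name in (".", "..") or not user_approves(name):
        broker_sock.sendall(b"DENY")
        return
    try:
        fd = os.open(os.path.join(ALLOWED_DIR, name), os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except OSError:  # e.g. the file already exists
        broker_sock.sendall(b"DENY")
        return
    try:
        socket.send_fds(broker_sock, [b"OK"], [fd])  # the fd travels, the path does not
    finally:
        os.close(fd)  # the app now holds its own copy; the broker keeps nothing

def app_save(app_sock, name, data):
    """Untrusted side: ask for the file by name, then write through the fd received."""
    app_sock.sendall(name.encode("utf-8"))
    msg, fds, _flags, _addr = socket.recv_fds(app_sock, 16, 1)
    if msg != b"OK" or not fds:
        return False
    with os.fdopen(fds[0], "wb") as f:
        f.write(data)
    return True

def run_save(name, data, user_approves=lambda n: True):
    """Drive both ends over a socketpair (in real life: two separate processes)."""
    broker_sock, app_sock = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with broker_sock, app_sock:
        t = threading.Thread(target=broker_handle, args=(broker_sock, user_approves))
        t.start()
        ok = app_save(app_sock, name, data)
        t.join()
    return ok

def read_saved(name):  # read back what the broker let the app write (for checking)
    with open(os.path.join(ALLOWED_DIR, name), "rb") as f:
        return f.read()
```

The point the reply makes still stands in this shape: the whole design is only as sound as the validation and approval step inside `broker_handle`, which is why that code stays small.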
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080729051241.GA1995>