Date: Sat, 2 Aug 2008 12:17:20 -0700 From: Chris Palmer <chris@noncombatant.org> To: Matt Reimer <mattjreimer@gmail.com>, Liste FreeBSD-security <freebsd-security@freebsd.org> Subject: Re: A new kind of security needed Message-ID: <5D233428-9099-4924-B7F0-3017FD3C3E77@noncombatant.org> In-Reply-To: <f383264b0807281228t7a20861do2f0c150cb5eb67f3@mail.gmail.com> References: <60254.1216921273@critter.freebsd.dk> <4888C882.30707@elischer.org> <200807242320.m6ONKPgW007279@apollo.backplane.com> <51095.192.168.1.10.1216955905.squirrel@192.168.1.100> <20080725045654.GA1572@baranyfelhocske.buza.adamsfamily.xx> <f383264b0807281228t7a20861do2f0c150cb5eb67f3@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jul 28, 2008, at 12:28 PM, Matt Reimer wrote: > My idea was to basically have a secure file picker that grants the app > (e.g. Firefox) access to the file, in a way that would be transparent > to the user. For example, when Firefox wants to save a PDF it displays > the file picker as usual and the file is saved. Underneath what's > happening is that Firefox talks to the trusted system filepicker via a > socket, and depending on the user's input it grants access to the > file, whether temporarily or permanently. How can the trusted system filepicker know that it is receiving messages from the true Firefox filepicker, and in response to true user gestures? (Basically, it can't.) Microsoft had to deal with this problem; see e.g. http://en.wikipedia.org/wiki/User_Account_Control.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5D233428-9099-4924-B7F0-3017FD3C3E77>