A new kind of security needed
- From: "Matt Reimer" <mattjreimer@xxxxxxxxx>
- Date: Wed, 16 Jul 2008 17:10:32 -0700
Is anyone else nervous trusting all his programs to have access to all
his files? Is there already a reasonable solution to this problem?
It makes me nervous for, say, Firefox and its plugins to be able to
read and write every file I own, whether it's gnucash, ~/.ssh, or
other sensitive files.
Programs could be set up to run under their own uids, but this is
cumbersome, especially in a desktop environment.
One possibility would be to "filewall" off a program--say, Firefox--so
that of all my uid's files Firefox is only able to read or write
~/.mozilla. If we had app signatures like it seems OS X does, then
maybe a "filewall" MAC module could use extended attributes to grant
access to files based on the app's signature. Permission could be
granted to the application to access other files through a special
file picker, so the user is always in control.
Thoughts?
Matt
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: A new kind of security needed
- From: Jason Stone
- Re: A new kind of security needed
- From: Chris Palmer
- Re: A new kind of security needed
- Prev by Date: Re: freebsd-update not pulling in BIND update
- Next by Date: Re: A new kind of security needed
- Previous by thread: freebsd-update not pulling in BIND update
- Next by thread: Re: A new kind of security needed
- Index(es):
