A new kind of security needed

Matt Reimer mattjreimer at gmail.com
Thu Jul 17 00:34:34 UTC 2008


Is anyone else nervous trusting all his programs to have access to all
his files? Is there already a reasonable solution to this problem?

It makes me nervous for, say, Firefox and its plugins to be able to
read and write every file I own, whether it's gnucash, ~/.ssh, or
other sensitive files.

Programs could be set up to run under their own uids, but this is
cumbersome, especially in a desktop environment.

One possibility would be to "filewall" off a program--say, Firefox--so
that of all my uid's files Firefox is only able to read or write
~/.mozilla. If we had app signatures like it seems OS X does, then
maybe a "filewall" MAC module could use extended attributes to grant
access to files based on the app's signature. Permission could be
granted to the application to access other files through a special
file picker, so the user is always in control.

Thoughts?

Matt
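As an added example, not code from the post or from FreeBSD, here is a user-space C model of the "filewall" decision Matt sketches: an app is confined to its own directory, a constructed stand-in for extended attributes grants named files to a given app signature, and the user's file picker adds per-file grants at runtime. The function names (filewall_check, picker_grant, canonicalize), the signature strings and the paths are all assumptions; paths are canonicalized before the check, because a plain prefix test on ~/.mozilla is otherwise escaped with a ".." component.

```c
#include <stdio.h>
#include <string.h>
#define MAX_GRANTS 16

struct file_xattr { const char *path; const char *allowed_sig; };
struct grant { char sig[32]; char path[128]; };

/* Constructed stand-in for per-file extended attributes keyed on app signature. */
static const struct file_xattr xattrs[] = {
    { "/home/matt/.mozilla/prefs.js", "sig:firefox" },
    { "/home/matt/.ssh/id_rsa",       "sig:ssh" },
};
static struct grant picker_grants[MAX_GRANTS]; /* grants made through the file picker */
static int n_grants;

/* Collapse "." and ".." so the prefix check on the app's own directory cannot be
 * escaped with a path like ~/.mozilla/../.ssh/id_rsa. Output is always absolute. */
void canonicalize(const char *in, char *out, char_size_placeholder_unused_never_used_dummy);
```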


More information about the freebsd-security mailing list