A new kind of security needed

Szilveszter Adam sziszi at bsd.hu
Tue Jul 29 05:13:00 UTC 2008


On Mon, Jul 28, 2008 at 12:28:38PM -0700, Matt Reimer wrote:
> My idea was to basically have a secure file picker that grants the app
> (e.g. Firefox) access to the file, in a way that would be transparent
> to the user. For example, when Firefox wants to save a PDF it displays
> the file picker as usual and the file is saved. Underneath what's
> happening is that Firefox talks to the trusted system filepicker via a
> socket, and depending on the user's input it grants access to the
> file, whether temporarily or permanently.
> 
> If Firefox is using the standard GTK file picker, then only GTK would
> need to be changed.

Well, you have snipped the part of my message that deals with this:
The mere idea of "trusted" system components is faulty. There is nothing
on a standard PC that you can trust, when it comes down to it. Not even
the hardware. Remember, if you can install a new application, a malware
author can do the same. It only takes one hole in such a "trusted"
service, and all of your machine is 0wned. There is a very long history
of such disasters on Windows, where it is quite common to split software
in two parts: one that runs with privilege in the background as a
service (you could say a daemon on Unix) and one that runs as the user
and displays the GUI. Many anti-virus products work this way. There have
been just too many cases when this design just blew up and led to a
system compromise instead of just e.g. deleting all the JPGs of the user.

Security is a complex matter...

-- 
Regards:

Szilveszter ADAM
Budapest
Hungary
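The mechanism Matt sketches above (the application asks a separate, trusted picker for a file; the picker, not the app, decides which file and hands back access over a socket) is usually implemented by passing an open file descriptor with SCM_RIGHTS rather than a path. The following is an added example written for this page, not code from either poster, from GTK, or from FreeBSD. It simulates one "Save as" round trip in-process over a Unix socketpair: the picker opens the file the (simulated) user chose and sends only the descriptor, so the app never needs general filesystem access and gets nothing at all if the user cancels. The wire protocol (`SAVE` / `GRANT` / `DENY`) and the function names are assumptions made for the illustration. Note that the picker side still has to parse what the app sends it; that parser is exactly the kind of "trusted service" attack surface Szilveszter warns about, and in a real design it would run in its own process with its own privileges.

```python
import array
import os
import socket
import tempfile

# SCM_RIGHTS ancillary data carries an array of C ints (the descriptors).
_FD_ARRAY = array.array("i")


def picker_grant(conn, path, flags):
    """Trusted picker side: open the file the user chose and pass the
    descriptor, never the path, to the application over the socket."""
    fd = os.open(path, flags, 0o600)
    try:
        conn.sendmsg([b"GRANT"],
                     [(socket.SOL_SOCKET, socket.SCM_RIGHTS,
                       array.array("i", [fd]))])
    finally:
        os.close(fd)  # the kernel duplicated it into the app's table


def picker_deny(conn):
    """Trusted picker side: the user cancelled, so nothing is granted."""
    conn.sendmsg([b"DENY"])


def app_receive(conn):
    """Application side: read the verdict and any descriptor attached."""
    msg, ancdata, _flags, _addr = conn.recvmsg(
        16, socket.CMSG_SPACE(_FD_ARRAY.itemsize))
    fds = array.array("i")
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            # cmsg data may be padded; keep only whole ints
            fds.frombytes(data[:len(data) - (len(data) % fds.itemsize)])
    return msg, list(fds)


def simulate_save(user_choice, payload):
    """One 'Save as' exchange, app and picker both in this process.

    user_choice is the path the simulated user picked in the trusted
    dialog, or None if they cancelled. Returns what the app received
    and what ended up on disk so the behaviour can be checked."""
    picker, app = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        app.sendall(b"SAVE")            # the app supplies no path at all
        request = picker.recv(16)       # (assumed toy protocol)
        if request != b"SAVE" or user_choice is None:
            picker_deny(picker)
        else:
            picker_grant(picker, user_choice,
                         os.O_WRONLY | os.O_CREAT | os.O_TRUNC)
        verdict, fds = app_receive(app)
        written = 0
        if verdict == b"GRANT":
            written = os.write(fds[0], payload)
            os.close(fds[0])
        on_disk = None
        if user_choice is not None and os.path.exists(user_choice):
            with open(user_choice, "rb") as f:
                on_disk = f.read()
        return {"verdict": verdict, "fd_count": len(fds),
                "written": written, "on_disk": on_disk}
    finally:
        picker.close()
        app.close()


def demo():
    """Run a granted save and a cancelled save on constructed sample data."""
    sample = b"%PDF-1.4 constructed sample, not a real document"
    with tempfile.TemporaryDirectory() as d:
        granted = simulate_save(os.path.join(d, "report.pdf"), sample)
    cancelled = simulate_save(None, sample)
    return granted, cancelled


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The point of the descriptor-passing design is that the grant is exactly one open file with exactly the access mode the picker chose; the app cannot widen it to the directory, and a cancelled dialog leaves it with no descriptor at all.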

