Re: Mandatory Access Control was Re: Plans for gnome-vfs replacement



David Malcolm <dmalcolm redhat com> wrote:

> (Maybe there's a way to implement a trusted filechooser and only
> allow the app access to files which the user has selected in the
> GUI?

This is what Plash implements (see http://plash.beasts.org).  This
kind of file chooser is known as a powerbox, taking the term from
CapDesk.

> can this be done without having the filechooser out-of-process from
> the main app?)

If the application runs in a virtual machine inside the process, using
programming language based security, then yes.  Otherwise, not really:
if there is no boundary between the application and the file chooser,
or the application can otherwise supply the filename that is
interpreted in the user's namespace, the application can grant itself
access to files without the user having to choose them.

Mark
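
An added example, not part of the original message and not Plash's own code, showing the process boundary discussed above: a trusted chooser opens the user-selected file and hands the application only a descriptor. Passing the descriptor over a Unix socket with SCM_RIGHTS is an assumption made here, the names chooser_grant, app_read_granted and demo are hypothetical, and the confinement that stops the application opening paths by itself is assumed rather than shown.

```python
import array
import os
import socket
import tempfile

def chooser_grant(sock, selected_path):
    """Trusted side: open the file the user picked and pass only the descriptor."""
    fd = os.open(selected_path, os.O_RDONLY)  # path comes from the GUI, never from the app
    try:
        rights = array.array("i", [fd])
        sock.sendmsg([b"grant"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS, rights)])
    finally:
        os.close(fd)  # the receiving process holds its own copy

def app_read_granted(sock):
    """Untrusted side: gets a read-only descriptor; no filename is resolved here."""
    fds = array.array("i")
    _msg, ancdata, _flags, _addr = sock.recvmsg(16, socket.CMSG_LEN(fds.itemsize))
    for level, kind, data in ancdata:
        if level == socket.SOL_SOCKET and kind == socket.SCM_RIGHTS:
            fds.frombytes(data[:fds.itemsize])
    if not fds:
        raise PermissionError("no file was granted")
    with os.fdopen(fds[0], "rb") as f:
        return f.read()

def demo():
    chooser_end, app_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with tempfile.NamedTemporaryFile("wb", delete=False) as tmp:
        tmp.write(b"constructed sample document\n")  # constructed sample input
    result_r, result_w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child plays the application; it uses only the received descriptor
        try:
            os.write(result_w, app_read_granted(app_end))
        finally:
            os._exit(0)
    app_end.close()
    os.close(result_w)
    chooser_grant(chooser_end, tmp.name)  # stands in for the user's click
    with os.fdopen(result_r, "rb") as r:
        received = r.read()
    os.waitpid(pid, 0)
    chooser_end.close()
    os.unlink(tmp.name)
    return received
```

Calling demo() returns the bytes of the granted file as read by the child process.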


