Re: (in)SECURITY: mozilla-bonobo



> 2a. Instead of adding a flag, use the "bonobo:supported_uri_schemes" oaf attribute.
>     This way, one can limit the used components to those that advertise that they
>     handle the protocols (http(s)/ftp) that are used to transfer files on the net.
>     Supposedly components that are aware of those protocols would also handle
>     untrusted data.
> 
Great. This would solve the problem.

> 3a. Add a warning dialog before a component is used to display a document from the
>     web. This would of course not provide any real security, but it would inform
>     the user of the risk he is taking and give an opportunity to cancel the operation.
> 
> 3b. Add a UI panel with a button that needs to be clicked before a document is
>     viewed.
> 
I would vote for 3b, but website developers would kill us all. Think
about multimedia streams, for example.

I think that, given the 2a. item is implemented, it is assumed that the
component that handles http(s)/ftp is reasonably security-minded.

If we think about components being loaded "on behalf of the user", we
would never implement such a thing, since the user can download the file
and open it himself. But this sucks. IMHO, implementing the feature
mentioned in 2a., the rest should be left as is.

Keep up the great work, Christian!

Regards,
-- 
Fabio Gomes de Souza <fabio gs2 com br> (+55 81 9127-0597)

.- GS2 TECNOLOGIA DA INFORMACAO LTDA :: www.gs2.com.br
|- IT Infrastructure :: Security :: Embedded systems :: Linux
`- Olinda, Brazil - +55 81 3492-7777 - negocios gs2 com br
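
The component filter proposed in item 2a, sketched as an added example that is not part of the original message or of the mozilla-bonobo code. Only the `bonobo:supported_uri_schemes` attribute name comes from the thread; the XML layout, the `bonobo:supported_mime_types` attribute, the component IIDs and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed component descriptions; layout and IIDs are assumed for illustration.
SAMPLE = """<oaf_info>
 <oaf_server iid="OAFIID:Example_NetViewer">
  <oaf_attribute name="bonobo:supported_mime_types" type="stringv">
   <item value="application/pdf"/></oaf_attribute>
  <oaf_attribute name="bonobo:supported_uri_schemes" type="stringv">
   <item value="http"/><item value="https"/><item value="ftp"/></oaf_attribute>
 </oaf_server>
 <oaf_server iid="OAFIID:Example_LocalViewer">
  <oaf_attribute name="bonobo:supported_mime_types" type="stringv">
   <item value="application/pdf"/></oaf_attribute>
  <oaf_attribute name="bonobo:supported_uri_schemes" type="stringv">
   <item value="file"/></oaf_attribute>
 </oaf_server>
 <oaf_server iid="OAFIID:Example_SilentViewer">
  <oaf_attribute name="bonobo:supported_mime_types" type="stringv">
   <item value="application/pdf"/></oaf_attribute>
 </oaf_server>
</oaf_info>"""

# Schemes named in item 2a as those used to transfer files on the net.
NETWORK_SCHEMES = {"http", "https", "ftp"}

def string_list(server, name):
    """Return the values of a stringv attribute, or an empty set if it is absent."""
    for attr in server.findall("oaf_attribute"):
        if attr.get("name") == name:
            return {i.get("value", "").lower() for i in attr.findall("item")}
    return set()

def allowed_components(xml_text, mime_type, uri):
    """IIDs that handle mime_type and explicitly advertise the URI's network scheme."""
    scheme = urlsplit(uri).scheme  # urlsplit lower-cases the scheme
    if scheme not in NETWORK_SCHEMES:
        return []  # only the net-transfer schemes are considered here
    allowed = []
    for server in ET.fromstring(xml_text).iter("oaf_server"):
        handles_type = mime_type.lower() in string_list(server, "bonobo:supported_mime_types")
        # Fail closed: a component that does not advertise the scheme is never picked.
        if handles_type and scheme in string_list(server, "bonobo:supported_uri_schemes"):
            allowed.append(server.get("iid"))
    return allowed

if __name__ == "__main__":
    print(allowed_components(SAMPLE, "application/pdf", "https://example.org/a.pdf"))
```
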




