Snowfox:White list firefox with gcj for intranets [was What next]
David Mohring
heretic at ihug.co.nz
Thu Jun 2 16:07:02 UTC 2005
On Thu, 2005-06-02 at 11:54 -0400, Jakub Jelinek wrote:
> On Fri, Jun 03, 2005 at 03:43:52AM +1200, David Mohring wrote:
> > On Wed, 2005-06-01 at 23:46 -0700, Aaron Kurtz wrote:
> > > On Wed, 2005-06-01 at 22:24 -0500, W. Michael Petullo wrote:
> > > > > Maybe it's time to start the brainstorming for Fedora Core 5 and Fedora
> > > > > Extras 5 - what major features are you willing to put effort into?
> > > > And here are of few more of interest to me:
> > > >
> > > > - Bugzilla #158657 Build totem's Mozilla plugin
> > > > - Bugzilla #127537 Free software applet viewer plugin
> > >
> > > http://www.nongnu.org/gcjwebplugin/ is being worked on. The blocker is
> > > the current lack of sandboxing.
> > >
> >
> > Why not adapt the firefox source rpm to build an extra binary (
> > of /usr/lib/firefox-1.0.4/firefox-bin ) package called
> > Snowfox - a White list Firefox for intranets.
>
> That's unnecessary. gcjwebplugin already works as a small mozilla/firefox
> plugin and the Java applet is running in a separate process.
> To make gcjwebplugin really usable, AppletSecurityManager class needs to
> be written (ATM it is just a dummy class that allows almost everything),
> I guess some Java auditing needs to be done and SELinux policy written for
> gcjappletviewer.
And what about Python, Perl etc?
BTW I'm getting a little tired of ALL the vendors, be it Microsoft,
KDE, Opera, Apple and yes, even Mozilla saying "Trust the browser and
plugin!". Recent history, even including Sun's JVMs, points to the
browser and plugins being the real weak point on ALL desktop platforms.
If you TRULY want fedora/Redhat to provide better security, is not a
little more isolation a better option?
>
> Jakub
>
--
David Mohring <heretic at ihug.co.nz>
More information about the fedora-devel-list
mailing list