Re: Snowfox:White list firefox with gcj for intranets [was What next]
On Thu, 2005-06-02 at 11:54 -0400, Jakub Jelinek wrote:
On Fri, Jun 03, 2005 at 03:43:52AM +1200, David Mohring wrote:
> On Wed, 2005-06-01 at 23:46 -0700, Aaron Kurtz wrote:
> > On Wed, 2005-06-01 at 22:24 -0500, W. Michael Petullo wrote:
> > > > Maybe it's time to start the brainstorming for Fedora Core 5 and
Fedora
> > > > Extras 5 - what major features are you willing to put effort into?
> > > And here are of few more of interest to me:
> > >
> > > - Bugzilla #158657 Build totem's Mozilla plugin
> > > - Bugzilla #127537 Free software applet viewer plugin
> >
> > http://www.nongnu.org/gcjwebplugin/ is being worked on. The blocker is
> > the current lack of sandboxing.
> >
>
> Why not adapt the firefox source rpm to build an extra binary (
> of /usr/lib/firefox-1.0.4/firefox-bin ) package called
> Snowfox - a White list Firefox for intranets.
That's unnecessary. gcjwebplugin already works as a small mozilla/firefox
plugin and the Java applet is running in a separate process.
To make gcjwebplugin really usable, AppletSecurityManager class needs to
be written (ATM it is just a dummy class that allows almost everything),
I guess some Java auditing needs to be done and SELinux policy written for
gcjappletviewer.
And what about Python, Perl etc?
BTW I'm getting a little tired of ALL the vendors, be it Microsoft,
KDE, Opera, Apple and yes, even Mozilla saying "Trust the browser and
plugin!". Recent history, even including Sun's JVMs, points to the
browser and plugins being the real weak point on ALL desktop platforms.
If you TRULY want fedora/Redhat to provide better security, is not a
little more isolation a better option?
Jakub
--
David Mohring <heretic(a)ihug.co.nz>