Mailinglist Archive: opensuse-factory (808 mails)
Re: [apparmor] [opensuse-factory] 12.1 is around the corner, and I must make my concerns known.
- From: John Johansen <john.johansen@xxxxxxxxxxxxx>
- Date: Wed, 17 Aug 2011 14:13:15 -0700
- Message-id: <4E4C2EEB.3010906@canonical.com>
On 08/17/2011 01:28 PM, Christian Boltz wrote:
> Hello,
<< snip >>
>>> rule:
>>> The best example is downloading files - if you want to make
>>> Firefox really secure, you can limit write access (which includes
>>> downloads) to /home/*/downloads/**. However I'm quite sure that
>>> you'll then get lots of complaints because of "I can't download
>>> files to ~/coolstuff/" ;-)
>>> The alternative that will avoid these complaints is basically this
>>> /** rw,
>>> but this isn't really more secure than not having a profile at
>>> all. (In fact, someone already posted a modified firefox profile
>>> with such a rule in bugzilla - but I'm quite sure this will be
>>> rejected upstream.)
>>> Instead of /**, you could of course use /home/**, /tmp/**,
>>> /var/tmp/** as possible download locations - but that's already
>>> what the filesystem permissions make from the /** rule, so it
>>> isn't more secure. (A normal user doesn't have write permissions
>>> at other places, and if someone runs Firefox as root, well - I
>>> don't even want to think about that...)
>> owner @{HOME}/** rw,
>> would be even better
> Yes, of course - but in practice it doesn't change too much. A normal
> user (hopefully) doesn't have write permissions in another user's home.
> And if you don't include /tmp/**, people will probably complain that
> they can't download a file to /tmp (which might be a valid location for
> "download, unpack and delete the zip/tarball" downloads).
> I know about owner restrictions etc. - but my point is that a firefox
> profile that makes everybody happy (by allowing storing downloads
> anywhere) does not really help security-wise.
> And a "secure" firefox profile (restricted to ~/downloads) will cause
> lots of complaints ;-)

yep, I have to agree currently firefox and desktop apps in general, are
really limited to users who have admin rights and like tinkering, or
at least don't mind having some restrictions.
currently it's the services underneath the desktop that should be
targeted.
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
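To make the comparison in the thread concrete, here is an added example (not code from the thread or from the AppArmor project) that evaluates the three rule variants discussed above against a few constructed write attempts under a toy DAC model, reporting which writes each profile denies beyond what file permissions already deny. The glob matcher, the expansion of @{HOME} to /home/* and the uid-only ownership model are simplifications assumed for this example.

```python
import re

def glob_to_regex(glob):
    """AppArmor path globbing: '*' stays inside one path component, '**' may cross '/'."""
    # Assumption: @{HOME} is treated as /home/<user> (real AppArmor derives it from @{HOMEDIRS}).
    glob = glob.replace("@{HOME}", "/home/*")
    pattern, i = "", 0
    while i < len(glob):
        if glob.startswith("**", i):
            pattern, i = pattern + ".*", i + 2
        elif glob[i] == "*":
            pattern, i = pattern + "[^/]*", i + 1
        else:
            pattern, i = pattern + re.escape(glob[i]), i + 1
    return re.compile("^" + pattern + "$")

def parse_rule(line):
    """Parse 'owner @{HOME}/** rw,' into (compiled glob, owner_only, perms)."""
    tokens = line.strip().rstrip(",").split()
    owner_only = tokens[0] == "owner"
    path, perms = tokens[1:] if owner_only else tokens
    return glob_to_regex(path), owner_only, set(perms)

def apparmor_allows(profile, path, perm, file_uid, proc_uid):
    """True if some rule grants `perm` on `path`; 'owner' rules also need file owner == process uid."""
    return any(perm in perms and regex.match(path) and (not owner_only or file_uid == proc_uid)
               for regex, owner_only, perms in map(parse_rule, profile))

def dac_allows(file_uid, proc_uid):
    """Toy discretionary model: root or the file's owner may write (no groups, no directory modes)."""
    return proc_uid == 0 or file_uid == proc_uid

def extra_denials(profile, requests):
    """Writes DAC would permit but the profile blocks: the security the profile actually adds."""
    return sorted(path for path, file_uid, proc_uid in requests
                  if dac_allows(file_uid, proc_uid)
                  and not apparmor_allows(profile, path, "w", file_uid, proc_uid))

# Constructed sample: alice (uid 1000) saving downloads; /home/bob belongs to uid 1001.
REQUESTS = [("/home/alice/downloads/patch.zip", 1000, 1000),
            ("/home/alice/coolstuff/patch.zip", 1000, 1000),
            ("/tmp/unpack-me.tar.gz", 1000, 1000),
            ("/home/bob/notes.txt", 1001, 1000),
            ("/etc/passwd", 0, 1000)]
# The three rule variants from the thread.
PERMISSIVE = ["/** rw,"]
OWNER_HOME = ["owner @{HOME}/** rw,"]
DOWNLOADS_ONLY = ["/home/*/downloads/** rw,"]
for name, profile in [("/**", PERMISSIVE), ("owner @{HOME}/**", OWNER_HOME), ("downloads only", DOWNLOADS_ONLY)]:
    print(f"{name:18} denies beyond DAC: {extra_denials(profile, REQUESTS)}")
```

The `/**` variant adds no denial at all, `owner @{HOME}/**` only blocks /tmp, and the downloads-only rule is the one that also stops ~/coolstuff, which is exactly the trade-off the thread describes.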