[opensuse] AppArmored FireFox for openSUSE 10.3
hi all ! I would like to feature-request AppArmored FireFox for openSUSE 10.3 ! The point is: Microsoft did Protected-mode Internet Explorer 7 in Windows Vista, and so, our community must respond with something. The best response I see is an AppArmored profile for FireFox. I think openSUSE 10.3 needs to have 2 versions of FireFox installed by default; Both AppArmored and normal. The Armored version will *not* allow to save anything anywhere. It will allow to save only in one directory: ~/downloads so all hackers alike will not be able to do much... I understand it will cause problems such as: plugins (Adobe Reader) might stop working, you won't be able to install themes and extensions, etc... This is why we must have both normal version and a secured one ! What do you think of this idea? -- -Alexey Eremenko "Technologov" -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
P.S. The armored version must have a separate icon too... what about a knight ? Or FireFox icon with small shield on it? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Fri, Mar 16, 2007 at 11:40:37PM +0200, Alexey Eremenko wrote:
hi all !
I would like to feature-request AppArmored FireFox for openSUSE 10.3 !
The point is: Microsoft did Protected-mode Internet Explorer 7 in Windows Vista, and so, our community must respond with something.
The best response I see is an AppArmored profile for FireFox. I think openSUSE 10.3 needs to have 2 versions of FireFox installed by default; Both AppArmored and normal.
The Armored version will *not* allow to save anything anywhere. It will allow to save only in one directory: ~/downloads so all hackers alike will not be able to do much...
I understand it will cause problems such as: plugins (Adobe Reader) might stop working, you won't be able to install themes and extensions, etc... This is why we must have both normal version and a secured one !
What do you think of this idea?
We tried this for SUSE Linux 10.0 and it was quote difficult ;) But with constraints, yes. See /etc/apparmor/profiles/extras/*firefox* for some premade sample profiles. Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Fri, Mar 16, 2007 at 10:52:27PM +0100, Marcus Meissner wrote:
I would like to feature-request AppArmored FireFox for openSUSE 10.3 ! ... I think openSUSE 10.3 needs to have 2 versions of FireFox installed by default; Both AppArmored and normal.
We tried this for SUSE Linux 10.0 and it was quote difficult ;) But with constraints, yes. See /etc/apparmor/profiles/extras/*firefox* for some premade sample profiles.
Though the idea of providing _two_ firefox programs by default, one confined and one unconfined, is a pretty good idea. The problem with our 10.0 confined mozilla was a _really_ wide-open profile -- it could do nearly anything, but it was supposed to be able to work out-of-the-box for everyone. And yet it wasn't open enough. :) But providing two versions, one intentionally locked down to do very little 'fun' stuff, and one that's more or less wide open, is a really good idea. I'll talk with the Mozilla maintainer. (In his copious spare time -- providing security updates for mozilla and firefox is nearly full-time job.) Thanks for the reminder. :)
OK, I have opened a bug report, so it's better to cross-respond here and there too... https://bugzilla.novell.com/show_bug.cgi?id=255541 mailing-list stuff gets lost after a while (I know there is Archiving, but it's difficult to dig, if you don't remember exactly what you want...) -Alexey -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hi, Seth Arnold wrote:
On Fri, Mar 16, 2007 at 10:52:27PM +0100, Marcus Meissner wrote:
I would like to feature-request AppArmored FireFox for openSUSE 10.3 ! ... I think openSUSE 10.3 needs to have 2 versions of FireFox installed by default; Both AppArmored and normal.
We tried this for SUSE Linux 10.0 and it was quote difficult ;) But with constraints, yes. See /etc/apparmor/profiles/extras/*firefox* for some premade sample profiles.
Though the idea of providing _two_ firefox programs by default, one confined and one unconfined, is a pretty good idea.
The problem with our 10.0 confined mozilla was a _really_ wide-open profile -- it could do nearly anything, but it was supposed to be able to work out-of-the-box for everyone. And yet it wasn't open enough. :)
But providing two versions, one intentionally locked down to do very little 'fun' stuff, and one that's more or less wide open, is a really good idea.
I'll talk with the Mozilla maintainer. (In his copious spare time -- providing security updates for mozilla and firefox is nearly full-time job.)
You don't want to let me comment on that one! Feel free to involve me in your discussion if you think it makes sense. Wolfgang -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
OK, so I have submitted potential icons for AppArmored Firefox. The shield was taken from OpenClipart gallery - SVG format, public domain. This is the concept that I have for icons. I know those look a bit out-of-water, they are ugly, because they look too 2D, while FireFox itself is rendered much better. We must try to build a 3D shield. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
I'd much rather they devote those resources to getting the package management / update stuff right on this, the third try. -- If a kid asks where rain comes from, I think a cute thing to tell him is "God is crying." And if he asks why God is crying, another cute thing to tell him is "Probably because of something you did." -- Jack Handy San Francisco, CA -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (5)
-
Alexey Eremenko
-
Marcus Meissner
-
Michael Nelson
-
Seth Arnold
-
Wolfgang Rosenauer