[fdo] Security for desktop apps
Dr. David Alan Gilbert
freedesktop at treblig.org
Sat Dec 13 17:25:34 PST 2008
Hi,
I'm curious what work has been done on security desktop apps using
things like SELinux and AppArmor or equivalents on other OSs.
At the moment it seems to be the norm for apps to both read and
change their config files if they have them and that seems to offer
the potential for malware to exploit a bug in an app to make it
easily propagate to the next invocation of the app.
My general thoughts were that it would be better if the 'preferences'
item on an app were to exec a separate executable that was somehow
flagged as having permission to fiddle with the config but didn't
deal with file or network data; I realise though that potentially
that's tricky given that some apps currently include plugin data or
status data in the same config file.
I'd also be interested if similar work has been done for any other
dot files (I'm thinking things like bashrc or profile).
Do things like gconfd know what app is talking to them securely
so that an app can only tweak things relavent to it?
Any thoughts or pointers to existing stuff appreciated.
Dave
--
-----Open up your eyes, open up your mind, open up your code -------
/ Dr. David Alan Gilbert | Running GNU/Linux on Alpha,68K| Happy \
\ gro.gilbert @ treblig.org | MIPS,x86,ARM,SPARC,PPC & HPPA | In Hex /
\ _________________________|_____ http://www.treblig.org |_______/
More information about the freedesktop
mailing list