l4-hurd

Re: Child killing UI (was Re: Reliability of RPC services)


From: Bas Wijnen
Subject: Re: Child killing UI (was Re: Reliability of RPC services)
Date: Fri, 28 Apr 2006 14:04:49 +0200
User-agent: Mutt/1.5.11+cvs20060403

On Fri, Apr 28, 2006 at 01:49:38PM +0200, Pierre THIERRY wrote:
> Scribit Marcus Brinkmann dies 28/04/2006 hora 01:51:
> > > I'm not sure if the powerbox should allow such potentially malicious
> > > behaviour: if the resource is for a plugin, shouldn't the powerbox
> > > be able to tell the user that the plugin indeed will be the
> > > recipient of the capability?
> > It can't, because it is the powerbox of the browser.  The plugin does
> > not have its own powerbox.
> 
> Why?

Because the browser started it and didn't give it one, as it didn't need it.

If the browser thinks it does need it, it can give it, but no one can see if the
browser isn't just proxying the whole thing.  So it makes no difference
security-wise: the browser can see everything if it wants.

In general, only for programs which were started directly by the shell does it
make sense to give out a power box.

Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html

Attachment: signature.asc
Description: Digital signature
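
A toy object-capability model of the argument in the message above, added here as an illustration; it is not part of the original post or of any Hurd code, and every class and function name in it is hypothetical. It shows that a plugin given a "powerbox" by its parent gets the same result whether the parent forwards the real one or interposes a proxy, while the proxying parent ends up holding the granted capability too.

```python
class FileCap:
    """Capability to one resource the user picked (constructed sample)."""
    def __init__(self, name):
        self.name = name
    def read(self):
        return f"contents of {self.name}"

class Powerbox:
    """Trusted chooser: the user selects a resource, the caller receives a capability."""
    def __init__(self, user_choice):
        self._user_choice = user_choice  # stands in for the interactive dialog
    def request_file(self):
        return FileCap(self._user_choice)

class ProxyingPowerbox:
    """Same interface, but every grant passes through the parent first."""
    def __init__(self, real, seen):
        self._real, self._seen = real, seen
    def request_file(self):
        cap = self._real.request_file()
        self._seen.append(cap)  # the parent keeps its own reference
        return cap

class Plugin:
    """Child: holds only the references its parent handed over."""
    def __init__(self, powerbox):
        self._powerbox = powerbox
    def run(self):
        return self._powerbox.request_file().read()

class Browser:
    """Parent: started by the shell, so it is the one holding the real powerbox."""
    def __init__(self, powerbox):
        self._powerbox = powerbox
        self.seen = []
    def start_plugin(self, proxy):
        pb = ProxyingPowerbox(self._powerbox, self.seen) if proxy else self._powerbox
        return Plugin(pb)

def compare(user_choice="notes.txt"):
    """Return (plugin result when forwarded, when proxied, names the proxying parent captured)."""
    forwarding = Browser(Powerbox(user_choice))
    proxying = Browser(Powerbox(user_choice))
    direct = forwarding.start_plugin(proxy=False).run()
    proxied = proxying.start_plugin(proxy=True).run()
    return direct, proxied, [cap.name for cap in proxying.seen]

if __name__ == "__main__":
    print(compare())
```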

