Comment 7 for bug 1662501

vvhk (vvhk-deactivatedaccount-deactivatedaccount) wrote :

Jamie,

thanks for the elaborate explanation and directing the issue where it matters.

I'd just like to comment on switching the issue to the "firefox" package and "the firefox profile can be adjusted to remove the user-files abstraction ..."

Removal of the "user-files" abstraction would weaken the security because user-files contains explicit DENY rules for ~/.ssh and kde|gnome wallets, as well as ~/.gpg (!!). While that would, in turn, also imply removal of the "@{HOME}/** r" ruleset, and thus imply no access to files in the user's HOME directory at all, it would compound with Firefox's default policy of "/**/ r," which would then allow at least listing of all user files.

The user-files abstraction is important. It protects known sensitive files, but it should also deny all access to anything but ~/Downloads and/or ~/Public, with a few comments with which the user can be directed to easily re-enable full @{HOME} access if she or he so desires.
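
The rule interaction described in the comment above, as a simplified model added here for illustration (it is not part of the original comment and not the shipped Ubuntu profile). The rule lists are constructed stand-ins for the rules the comment quotes, only read access is modelled, and the `owner` qualifier and other AppArmor glob forms are ignored.

```python
import re

HOME = "/home/alice"  # constructed sample home directory

def to_regex(glob):
    """Simplified AppArmor glob: '**' crosses '/', '*' does not; a trailing
    '/' in the pattern means the rule matches directories only."""
    glob = glob.replace("@{HOME}", HOME)
    parts = re.split(r"(\*\*|\*)", glob)
    conv = {"**": ".*", "*": "[^/]*"}
    return re.compile("".join(conv.get(p, re.escape(p)) for p in parts))

def allowed(profile, path):
    """profile: list of (kind, glob), kind is 'allow' or 'deny' (read only).
    A matching deny beats any allow; no matching rule means denied."""
    hits = {kind for kind, glob in profile if to_regex(glob).fullmatch(path)}
    return "allow" in hits and "deny" not in hits

# Constructed stand-ins for the rules named in the comment.
BASE = [("allow", "/**/")]                  # Firefox profile: "/**/ r,"
USER_FILES = [("allow", "@{HOME}/**"),      # "@{HOME}/** r"
              ("deny", "@{HOME}/.ssh/**")]  # explicit deny for ~/.ssh
PROPOSED = [("allow", "@{HOME}/Downloads/**"),
            ("allow", "@{HOME}/Public/**"),
            ("deny", "@{HOME}/.ssh/**")]

SAMPLE_PATHS = [  # constructed; a trailing "/" marks a directory
    HOME + "/Documents/",
    HOME + "/Documents/taxes.pdf",
    HOME + "/Downloads/setup.iso",
    HOME + "/.ssh/id_rsa",
]

def report(profile):
    """Map each sample path to whether a read would be permitted."""
    return {p: allowed(profile, p) for p in SAMPLE_PATHS}

if __name__ == "__main__":
    for name, prof in [("with user-files", BASE + USER_FILES),
                       ("user-files removed", BASE),
                       ("proposed", BASE + PROPOSED)]:
        print(name)
        for path, ok in report(prof).items():
            print("  ", "ALLOW" if ok else "DENY ", path)
```

In this model the directory entry `Documents/` stays readable in all three configurations, because the directory-only rule `/**/ r,` comes from the base profile and not from user-files.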