Comment 12 for bug 1393515
Revision history for this message
| John Johansen (jjohansen) wrote Re: [Bug 1393515] Re: browser allows browsing the phone filesystem | #12 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
On 09/28/2015 12:56 PM, Oliver Grawert wrote:
> well, we store at least a plaintext password in the syncevolution
> settings which the article i linked to complains about ...
>
> and you cant really make sure that an app doesnt do the same in its applicatiopn config dir, we simply dont control that.
> so having the browser ignore or deny the file:// protocol would be a quick way to prevent that (and i must say i personally dont really see a need to support file:/// on a phone)
>
Again intercepting the file:// protocol on the ui is a band aid and does not fix the problem, if the file system is still available to any exploit. The only solution is correct confinement and using content hub style access and delegation of access.