Comment 14 for bug 1393515

John Johansen (jjohansen) wrote : Re: [Bug 1393515] Re: browser allows browsing the phone filesystem

On 09/28/2015 01:41 PM, Seth Arnold wrote:
> Oliver, except it's not a phone, it's a converged computing device; I
> use file:/// browsing in my desktop and expect to be able to do the same
> when I replace my desktop with my phone, monitor, keyboard, and mouse.
>
> John, I agree that the long run should definitely include an AppArmor
> profile on the browser and use content hub when trying to browse outside
> of that. I just wanted to make the case that blocking file:/// access
> isn't the best way forward, and trying to implement a piecemeal
> security policy via UI modifications is building technical debt that's
> better left unsolved rather than handled poorly. Thanks for forcing a
> clarification.
>
Oh, I agree this has to be treated as a hybrid device, not just a phone.
The point I am trying to make is that even just temporarily blocking
file:// via the UI does not address the problem.

The browser still has file access and any vulnerability can take
advantage of it.