Review requested: https://wiki.mozilla.org/Apps/Security#FLASK_for_enforcing_permissions

I've thought about this some more and have updated it for accuracy as well. The basic position is that the present model, which implements WebAPIs within the same threads/processes (fork, pthread), is fundamentally flawed and cannot be secured. Period.

If you want proper security, you *have* to have a firebreak between critical functionality such as actual dialing etc. But more than that, you have to have the dialer front-end *application* as a completely separate application as well, such that permissions cannot be "leeched" by a rogue app and used to pretend to the OS that the rogue app _is_ the dialer.

The only way to fully protect against buffer overruns and other loveliness is to actually have completely separate executables. Not even fork() will suffice.

l.

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
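An added illustration of the fork() point in the message above (example code written for this page, not from the thread or from Mozilla): a constructed capability token held by the parent is readable verbatim by a fork()ed child, because fork copies the whole address space, whereas a separately exec'd executable starts from a fresh image and sees only what is handed to it explicitly. `/bin/sh` and the `DIALER_TOKEN` name stand in for a separate dialer executable and are assumptions of the example.

```c
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
/* Constructed stand-in for a capability that only the dialer should hold. */
static const char dialer_token[] = "DIALER-CAPABILITY-TOKEN";

/* Run a child and collect what it writes back through a pipe.
 * exec_fresh == 0: plain fork(), child keeps a copy of our memory.
 * exec_fresh == 1: fork() then exec a separate executable (/bin/sh here). */
static int run_child(int exec_fresh, char *out, size_t outlen) {
    int fd[2];
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(fd[0]);
        if (exec_fresh) {
            dup2(fd[1], STDOUT_FILENO);
            close(fd[1]);
            /* A fresh image has no copy of the parent's memory; it can only
             * print what was passed explicitly (here: an unset env var). */
            execl("/bin/sh", "sh", "-c", "printf '%s' \"${DIALER_TOKEN:-}\"", (char *)NULL);
            _exit(127);
        }
        /* fork() alone: the child reads the parent's token straight from memory. */
        if (write(fd[1], dialer_token, strlen(dialer_token)) < 0) _exit(1);
        _exit(0);
    }
    close(fd[1]);
    size_t got = 0;
    for (;;) {
        ssize_t n = read(fd[0], out + got, outlen - 1 - got);
        if (n <= 0 || (got += (size_t)n) >= outlen - 1) break;
    }
    out[got] = '\0';
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return (int)got;
}

/* 1 if a fork()ed child can read the token, 0 if not, -1 on error. */
int token_visible_after_fork(void) {
    char seen[64];
    if (run_child(0, seen, sizeof seen) < 0) return -1;
    return strcmp(seen, dialer_token) == 0;
}

/* 1 if a separately exec'd executable can read the token, 0 if not, -1 on error. */
int token_visible_after_exec(void) {
    char seen[64];
    if (run_child(1, seen, sizeof seen) < 0) return -1;
    return strcmp(seen, dialer_token) == 0;
}
```

Note that the exec'd child still inherits any file descriptors not marked close-on-exec, so a real firebreak also has to pass descriptors deliberately rather than by default.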
i've thought about this some more and have updated it for accuracy as well. the basic position is that the present model which implements WebAPIs within the same threads/processes (fork, pthread) is fundamentally flawed and cannot be secured. period. if you want proper security, you *have* to have a firebreak between critical functionality such as actual dialing etc. but more than that you have to have the dialer front-end *application* as a completely separate application as well, such that permissions cannot be "leeched" by a rogue app and used to pretend to the OS that the rogue app _is_ the dialer. the only way to fully protect against buffer overruns and other loveliness is to actually have completely separate executables. not even fork() will suffice. l. _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security