Hi, On Tue, 2005-05-10 at 08:47 -0400, Bob wrote: > > Other interesting approaches are [..] Integrate > > gcjwebplugin > > out of process with SELinux mandatory access controls when run from > > mozilla. > > I'm somewhat confused here. Will this security implementation only > work for applets being run from within Mozilla, or are the more general > Java 2 Security Model ideas being implemented, available to all Java > programs?
This was just a suggestion to look into if you want an interesting challenge. I believe really sandboxing the gcjwebplugin runtime spawned for mozilla with SELinux access controls will provide an extra layer of security that is even harder to escape from by malicious code. You might be able to expand this idea to arbitrary programs run within the runtime. I haven't investigated yet. Cheers, Mark
signature.asc
Description: This is a digitally signed message part