nspluginwrapper and .PDF files

[Paul C. Rauser]

Over the past several days, I have begin to experiment with enabling the allow_unconfined_nsplugin_transition boolean in a F10 test environment.

One of the most consistent demands from my test users/potential security threats is the ability to open .PDF files.  Using mozplugger to do this launches evince, which throws AVCs all over and is probably undesirable anyway for the reasons listed in Dan Walsh's Nov 4 blog post on http://danwalsh.livejournal.com/

On the other hand, removing mozplugger and using the Adobe Acrobat 8.1.3 Firefox plugin throws lots of AVCs of its own -- and even more when doing things like printing -- and thus may not be the way to go.

If allow_unconfined_nsplugin_transition is to be useful in user land, it seems that the boolean should allow .PDF opening/saving/printing out of the box using either evince or Adobe's reader.  I am happy to bugzilla the AVCs for one or the other and help with testing -- any preference in the community for which one?



Paul C. Rauser 
ægis law group LLP 
901 F Street, N.W. 
Suite 500 

Washington, D.C. 20004 
T: 202 737 3375 
F: 202 737 3330 
E: prauser at aegislawgroup.com 

NOTICE: This communication from Aegis Law Group LLP may contain information that is legally privileged, confidential, or exempt from disclosure. If you are not the intended recipient, please note that any disclosure, copying, distribution, or use of the contents of this information is strictly prohibited. If you have received this electronic transmission in error, please notify the sender immediately by telephone or by return e-mail and delete all copies.