Snowfox:White list firefox with gcj for intranets [was What next]

David Mohring heretic at ihug.co.nz
Thu Jun 2 15:43:52 UTC 2005


On Wed, 2005-06-01 at 23:46 -0700, Aaron Kurtz wrote: 
> On Wed, 2005-06-01 at 22:24 -0500, W. Michael Petullo wrote:
> > > Maybe it's time to start the brainstorming for Fedora Core 5 and Fedora
> > > Extras 5 - what major features are you willing to put effort into?
> > And here are a few more of interest to me:
> > 
> > - Bugzilla #158657 Build totem's Mozilla plugin
> > - Bugzilla #127537 Free software applet viewer plugin
> 
> http://www.nongnu.org/gcjwebplugin/ is being worked on. The blocker is
> the current lack of sandboxing.
> 

Why not adapt the Firefox source rpm to build an extra binary
(of /usr/lib/firefox-1.0.4/firefox-bin) package called
Snowfox - a white list Firefox for intranets?

The Snowfox binary would use separate plug-in and user configuration
directories from the Firefox binary, but only be able to access URIs
from an assigned "white list". Snowfox would pass any URLs not matching
the white list to the normal Firefox. A Firefox extension could perform
the same role, passing URLs in the white list to Snowfox. The Snowfox
client would perform vetting using the referrer URL to stop cross-linked
attacks.    

The advantage is that it separates the data, cache, cookies and plug-ins
used with intranets and the Internet. SELinux can be used to further isolate
each instance. You could then deploy trusted plug-ins for Snowfox
without the fear of having them abused like ActiveX. That means you can
use Snowfox to deploy GCJ, Python and Perl based plugins which could
access the user environment.

This is something which could be developed downstream at Mozilla, but
trivial enough to do with a patch for the current or next Fedora.

> > - Free software flash viewer?
> http://www.schleef.org/swfdec/ plays some Flash, but fails on interactive and later Flash versions.
> 
> 
> -- 
> Aaron Kurtz <a.kurtz at hardsun.net>             GPG Key ID: ED588CF2
> 
-- 
David Mohring <heretic at ihug.co.nz>
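
Added example, not part of the original message or of any Firefox code: a sketch of the dispatch rule the message proposes, where a URL is matched against a white list and the referrer is vetted before the intranet browser handles it. The host names, the `dispatch` and `onWhiteList` functions, and the choice to refuse a white-listed target reached from a non-white-listed referrer are assumptions.

```javascript
// Added illustration. Hosts are constructed sample values, not from the post.
const WHITE_LIST = [
  { scheme: "https:", host: "intranet.example.test", port: "" },
  { scheme: "https:", host: "wiki.example.test", port: "8443" },
];

// Parse with the WHATWG URL parser (the one browsers use) and compare the
// parsed scheme, host and port exactly. Substring or prefix matching on the
// raw string would accept look-alike hosts and userinfo tricks.
function onWhiteList(raw) {
  let u;
  try {
    u = new URL(raw);
  } catch (e) {
    return false; // unparsable input is never white-listed
  }
  return WHITE_LIST.some(
    (w) => w.scheme === u.protocol && w.host === u.hostname && w.port === u.port
  );
}

// Decide which browser handles a navigation. `referrer` is the URL of the
// linking page, or null for a typed or bookmarked URL.
// Assumption: a white-listed target reached from a non-white-listed page is
// refused; the post says the referrer is vetted but not what happens on failure.
function dispatch(target, referrer) {
  if (!onWhiteList(target)) return "firefox";
  if (referrer === null || onWhiteList(referrer)) return "snowfox";
  return "block";
}

// Constructed sample navigations: [target, referrer]
const samples = [
  ["https://intranet.example.test/hr", null],
  ["https://intranet.example.test/hr", "https://wiki.example.test:8443/links"],
  ["https://intranet.example.test/hr", "https://news.example.org/story"],
  ["https://intranet.example.test.other.example/", null],
  ["https://intranet.example.test@other.example/", null],
];
for (const [t, r] of samples) {
  console.log(dispatch(t, r).padEnd(8), t, "<-", r);
}
```

The last two samples show why the comparison is made on the parsed host: both strings begin with the intranet name but resolve to a different host, so they fall through to the normal browser.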



