[Pidgin] mmcco modified

[Pidgin]

Page "mmcco" was changed by mmcco
Diff URL: <https://developer.pidgin.im/wiki/mmcco?action=diff&version=44>
Revision 44
Comment: initial privilege separation
Changes:
-------8<------8<------8<------8<------8<------8<------8<------8<--------
Index: mmcco
=========================================================================
--- mmcco (version: 43)
+++ mmcco (version: 44)
@@ -147,3 +147,16 @@
 On one hand, this stack can be much more minimalist than that of IMs. For example, there is no concept of typing status (a feature which demands a lot of code) or HTML in RTT, and RTT demands far fewer GUI hooks. However, adding a full additional stack demands a lot of boilerplate and code duplication. Additionally, I find the XEP overengineered, which may partially explain why (to my knowledge) no major chat application supports it yet.
 
 I still hope that RTT gets added to Pidgin, but it may not make it for the 3.0 release. If you're interested in working on it, let me know and I'll be happy to help.
+
+
+== Privilege separation ==
+
+Privilege separation is one of the easiest ways to improve Pidgin's security.
+
+Generally, there are only two types of file access for Pidgin/libpurple:
+* access to libpurple-specific files in `~/.purple/`
+* access to files in arbitrary locations for file transfers
+
+This makes the solution pretty clear: have a process for Pidgin's core that's chrooted to `~/.purple/` and a file transfer helper process with arbitrary file access.
+
+Later, additional daemons could be added for things like logging and chrooted to subdirectories of `~/.purple/`. This would further protect user credentials and OTR keys.
-------8<------8<------8<------8<------8<------8<------8<------8<--------

--
Page URL: <https://developer.pidgin.im/wiki/mmcco>
Pidgin <https://pidgin.im>
Pidgin

This is an automated message. Someone added your email address to be
notified of changes on 'mmcco' page.
If it was not you, please report to datallah at pidgin.im.