[Pidgin] mmcco modified

[Pidgin]

Page "mmcco" was changed by mmcco
Diff URL: <https://developer.pidgin.im/wiki/mmcco?action=diff&version=53>
Revision 53
Comment: Pidgin processes need continued access to /usr/share for GTK stuff, other related privsep fixes
Changes:
-------8<------8<------8<------8<------8<------8<------8<------8<--------
Index: mmcco
=========================================================================
--- mmcco (version: 52)
+++ mmcco (version: 53)
@@ -134,13 +134,16 @@
 
 Privilege separation is one of the easiest ways to improve Pidgin's security.
 
-Generally, there are only two types of file access for Pidgin/libpurple:
+After initial library loading, there are three types of file access for Pidgin:
 * access to libpurple-specific files in `~/.purple/`
 * access to files in arbitrary locations for file transfers
+* GTK-related files (icons, etc.) from `/usr/share`
 
-This makes the solution pretty clear: have a process for Pidgin's core that's chrooted to `~/.purple/` and a file transfer helper process with arbitrary file access.
+Of course, the third does not apply to libpurple.
 
-Later, additional daemons could be added for things like logging and chrooted to subdirectories of `~/.purple/`. This would further protect user credentials and OTR keys.
+This suggests a solution: we can have a process for Pidgin's core that's restricted to `~/.purple/` and `/usr/share`, and a file transfer helper process with arbitrary file access.
+
+Later, additional daemons could be added for things like logging and restricted to subdirectories of `~/.purple/`. This would further protect user credentials and OTR keys.
 
 === Breakages ===
 
-------8<------8<------8<------8<------8<------8<------8<------8<--------

--
Page URL: <https://developer.pidgin.im/wiki/mmcco>
Pidgin <https://pidgin.im>
Pidgin

This is an automated message. Someone added your email address to be
notified of changes on 'mmcco' page.
If it was not you, please report to datallah at pidgin.im.