For applications that spawn a browser, I think the "better" way of doing it would be a Px execute to the browser, as then you would not have to grant the application any additional access to web browser files that it shouldn't need except to spawn a browser.
The underlying security assumption, however, is that this spawn-path can't be abused to gain additional privileges for the application -- Desktop Applications Need "Help" Profiled https://bugs.launchpad.net/bugs/135674 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
