What are you assuming about access to actual USB devices? -Ekr
On Sun, Jul 13, 2014 at 11:16 AM, Andrew McCreight <amccrei...@mozilla.com> wrote: > ----- Original Message ----- > > Jonas, I would be really interested in your thoughts. Try as we might > (in the > > WebSerial API docs, at least), noone could actually think of a use case > > where providing access to a physical (RS232), or Virtual (VirtualUSB or > > VirtualBluetooth) serial port could be a privacy and/or security issue. > > > > It's a whole different beast when you provide access for cameras or any > USB > > device, of course, but what could someone do with access to a serial > port? > > I don't know much about serial port access in particular, but at a minimum > I would think that you are adding whatever software the serial device runs > to the attack surface. I would guess they are not very well hardened > against malicious attackers. We have enough problems with graphics drivers > as it is, and that can be worked around to an extent by blacklisting > particular drivers from hardware acceleration. > > Andrew > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
