On Mon, Jul 14, 2014 at 4:22 AM, <tzi...@gmail.com> wrote:

> On Monday, July 14, 2014 2:00:47 PM UTC+3, Gervase Markham wrote:
> > On 13/07/14 18:35, Vasilis wrote:
> > > Jonas, I would be really interested in your thoughts. Try as we might
> > > (in the WebSerial API docs, at least), no one could actually think of
> > > a use case where providing access to a physical (RS232), or Virtual
> > > (VirtualUSB or VirtualBluetooth) serial port could be a privacy
> > > and/or security issue.
> > >
> > > It's a whole different beast when you provide access for cameras or
> > > any USB device, of course, but what could someone do with access to a
> > > serial port?
> >
> > The WebSerial interface doesn't cover the Universal Serial Bus, then?
> >
> > For USB, the OS has some underlying knowledge of what the device is,
> > right? So we could do permissions for USB on a per-device rather than
> > per-port basis, which is the right way to do it IMO. But AFAIK that's
> > not possible for RS232.
> >
> > Gerv
>
> Which is the kind of exaggerated security for no real purpose that I
> mentioned.
>
> The three major OSes give you APIs to access any Serial-Port-like device
> (physical or virtual) in a straightforward manner, because, for all intents
> and purposes, those are Serial ports. Trying to go around this and map
> devices with ports ranges from hard (USB, Bluetooth) to impossible (RS232)
>

I still don't think I understand your answer here. Will this API allow me to
directly address USB devices? To take a concrete case, say that I have
a USB printer, will I be able to use this API (subject to user consent)
to talk to it directly and print documents?

-Ekr


> I do agree with Kip, some Serial devices are important and/or dangerous,
> but do we really want to set the security of this based on the idea that
> someone from a government agency and/or industrial plant will use the power
> plant's controlling computer to:
> 1. Plug in a serial device, like an Arduino
> 2. Access the Internet
> 3. Go to a nefarious website
> 4. Give access to the PLC, and kaboom.
>
> Isn't that a little too much paranoia? Should we have restricted the
> Camera API because someone could have used it on a computer with a spycam,
> thus leaking government info and starting WW3?
>
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
