On 26/11/09 20:32, Adam Barth wrote:

> Jetpack is an opportunity to rethink the extension security model.
> Ideally, an extension platform would make it easier for developers to
> write secure extensions. I'm happy to discuss ideas with folks
> off-list.

Why off-list? This is mozilla.dev.security :-)

Every sandbox/restricted permissions system, from Java to Android apps,
ends up having to have a way for apps to ask permission to have certain
capabilities. And you get the inevitable problem that users just say
"yes", because they want the app to work. Your video player needs access
to your phonebook? What are you going to do if that seems odd - not
watch videos?

Similarly, there will be Jetpacks which work with your password store
and those which don't. How do you deal with that? Just let all Jetpacks
read the password store? Or have a permissions model? If you have one,
what's to stop users just clicking "Yes"?

The only solution to this problem, IMO, is to authenticate authors, not
code. If you know who the author is, to a sufficient level that there's
some chance of a policeman feeling his collar if he turns out to have
written code which steals all your passwords, then there's an incentive
for good behaviour. (This is how EV SSL certs work.) Of course, this
works against "anyone can author an add-on and put it on the web and
have people use it"...

Gerv
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security