Michael Lefevre wrote:
On 2004-03-28, James Graham <[EMAIL PROTECTED]> wrote:
What other technical measures do you need?

Some that might actually be effective; there is some discussion on the Mozillazine thread which included:


Only allow XPIInstall to init after a user click (similar to popup blocking)


There's a bug filed for this now, bug 238684.  This would be a good thing
to do.


Whitelisting of a few trusted sites in the default installation

Not sure about this one - there are already issues with mozdev (in terms of lack of bandwidth, computer and human resources)

I think this is considerably easier than signing (see below)



Whitelisting of a few trusted certificates in the default installation


That makes sense.

But the problem is that, given a few trusted certificates, there needs to be a mechanism to distribute trust. This basically means that the trusted sites will have to sign third party code. Assuming they don't have the resources to do code review, it seems unlikely that people will want to sign code they haven't verified.


Of course, the same situation exists with whitelisting sites, but:
a) It's easier. There's no need for people to continually ask for signatures
b) The implicit trust from an extension being on a whitelisted site is less than that from an extension having been signed by a trusted site.



Blacklisting of known-bad extensions or sites (could work like a builtin spyware scanner that refused to install extensions that were known to be harmful)


I can't see how you'd do that without requiring a lot of maintenance from
someone, and you could only update from release to release unless you also
built in some kind of autoupdating.

That would be necessary, but how hard would it be to write code to automatically look for and install a particular XPI file at a given interval? That's basically what autoupdating would require (although you might want to futz with signatures and so on).


You'd be re-inventing some kind of
anti-spyware/anti-virus - why not just leave that to the software out
there that does it already.

At the very least, I think there need to be hooks so that an antiwhatever program can scan an XPI before it is installed. Then we need to work with vendors to make sure they do that.



Scanning of extensions to produce a security profile based on the actions those extensions take


Personally, I thought that was an unreasonable suggestion.


True.  But if you lock things down too much, then you end up making your
product more limited and/or harder to use than the competition.

I don't think that extension installation is a big deal from that point of view. It's not something that a lot of random sites are making use of for legitimate purposes, even in IE. Therefore locking it down shouldn't produce a huge usability hit.
_______________________________________________
Mozilla-security mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-security