[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
On Mon, Aug 10, 2009 at 12:32 AM, PhistucK phist...@chromium.org wrote:

> Obviously, but since there is a website (what started this thread) and people do run into issues (Help forums) with such a thing, is a specific solution for Flash, at least, coming up soon? People getting infected while using Chrome is... really, really, not optimal.

Oh, agreed. But a sandbox for plugins that removes Adobe's ability to let Flash update itself with security fixes doesn't really solve this problem either (which is what some of the discussion earlier in the thread was about). Right now, as I understand it, this vulnerability affects all browsers, not just Chrome--saying that a plugin vendor is in a better position to fix problems within a plugin isn't meant as a cop-out, it's just a description of where the problem lies.

Any sandbox is just one line of defense. The underlying problem is that the current spec for browser plugins (NPAPI) effectively gives a plugin all of the capabilities of an application. Flash, since it's a programming environment in its own right, uses those capabilities to deliver value to users. For example, Gmail uses a small Flash application that improves the user experience for attaching files to email messages--but also depends on Flash's ability to access the file system. A video chat widget written in Flash needs access to the I/O subsystem in order to access the webcam. Acrobat (at least in recent versions) allows embedded Javascript, which expands the capabilities of Acrobat but also provides new places for potentially malicious code to live.

The fact that these capabilities are used for genuinely useful stuff as well as security exploits is what makes sandboxing plugins difficult. We could turn off file system access, but then all sorts of file upload widgets would break, as well as Flash's own update facility. We could turn off access to other I/O devices, but then webcam and video chat would break.

The real solution is to improve the plugin runtime environment so that plugins don't need to talk to the OS directly for these sorts of things. There is active work going on in places like the HTML5 working group, Mozilla's plugin wiki and mailing lists, etc. to make this happen, and we're contributing to that work. All of us, browser and plugin writers alike, are painfully aware of the problems here. And while we don't have a spot fix for this particular malicious website, it does serve as a good example of why that work is necessary.

--Amanda

--~--~-~--~~~---~--~~
Chromium Developers mailing list: chromium-dev@googlegroups.com
View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev
-~--~~~~--~~--~--~---
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
I think that maybe a viable interim workaround to Flash's vulnerability problems would be to implement something like Flashblock by default. There would have to be some "always show Flash on *.google.com" whitelisting option (maybe automatically whitelist bookmarked sites?), and it would have to be an infobar-style notification, since not all instances of Flash are large enough/visible. But this would basically solve the problem of malicious Flash on untrusted websites while not significantly hindering legitimate uses of Flash. Is something like this in progress or would it be considered?

On Mon, Aug 10, 2009 at 05:50, Amanda Walker ama...@chromium.org wrote:

> On Mon, Aug 10, 2009 at 12:32 AM, PhistucK phist...@chromium.org wrote:
>
> > Obviously, but since there is a website (what started this thread) and people do run into issues (Help forums) with such a thing, is a specific solution for Flash, at least, coming up soon? People getting infected while using Chrome is... really, really, not optimal.
>
> Oh, agreed. But a sandbox for plugins that removes Adobe's ability to let Flash update itself with security fixes doesn't really solve this problem either (which is what some of the discussion earlier in the thread was about). Right now, as I understand it, this vulnerability affects all browsers, not just Chrome--saying that a plugin vendor is in a better position to fix problems within a plugin isn't meant as a cop-out, it's just a description of where the problem lies.
>
> Any sandbox is just one line of defense. The underlying problem is that the current spec for browser plugins (NPAPI) effectively gives a plugin all of the capabilities of an application. Flash, since it's a programming environment in its own right, uses those capabilities to deliver value to users. For example, Gmail uses a small Flash application that improves the user experience for attaching files to email messages--but also depends on Flash's ability to access the file system. A video chat widget written in Flash needs access to the I/O subsystem in order to access the webcam. Acrobat (at least in recent versions) allows embedded Javascript, which expands the capabilities of Acrobat but also provides new places for potentially malicious code to live.
>
> The fact that these capabilities are used for genuinely useful stuff as well as security exploits is what makes sandboxing plugins difficult. We could turn off file system access, but then all sorts of file upload widgets would break, as well as Flash's own update facility. We could turn off access to other I/O devices, but then webcam and video chat would break.
>
> The real solution is to improve the plugin runtime environment so that plugins don't need to talk to the OS directly for these sorts of things. There is active work going on in places like the HTML5 working group, Mozilla's plugin wiki and mailing lists, etc. to make this happen, and we're contributing to that work. All of us, browser and plugin writers alike, are painfully aware of the problems here. And while we don't have a spot fix for this particular malicious website, it does serve as a good example of why that work is necessary.
>
> --Amanda

--
Caleb Eggensperger
http://calebegg.com/
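Caleb's default-block-plus-whitelist idea, as an added example that is not part of the thread or of Chromium's code: a standalone Python policy that blocks plugin content unless the page host matches a whitelist pattern such as *.google.com or is a bookmarked host, and signals an infobar whenever it blocks (since a blocked instance may be too small to notice). The PluginPolicy class, its method names and the sample hosts are assumptions of this example.

```python
"""Added example (not Chromium code): a default-block gate for plugin
instances of the kind described in the thread, written as a standalone policy.

Assumptions (not in the thread): the page URL is the gate's input, the
whitelist holds host patterns such as "*.google.com", bookmarked hosts are
passed in as a set, and the caller renders an infobar when told to.
"""
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class PluginPolicy:
    # Host patterns that may run Flash without asking. A leading "*."
    # matches the named host itself and any subdomain of it.
    whitelist: set = field(default_factory=set)
    # Hosts the user bookmarked; treated as an implicit whitelist entry.
    bookmarked_hosts: set = field(default_factory=set)
    auto_whitelist_bookmarks: bool = True

    @staticmethod
    def _host_matches(host: str, pattern: str) -> bool:
        host = host.lower().rstrip(".")
        pattern = pattern.lower()
        if pattern.startswith("*."):
            base = pattern[2:]
            # Suffix match on a label boundary: "*.google.com" matches
            # "mail.google.com" and "google.com" but not "evilgoogle.com"
            # or "google.com.example" (a plain substring check would).
            return host == base or host.endswith("." + base)
        return host == pattern

    def decide(self, page_url: str) -> dict:
        """Return {"run": bool, "infobar": bool, "reason": str}.

        "infobar" is set whenever plugin content was blocked, because the
        blocked instance may be too small or invisible for an in-place
        placeholder to be noticed by the user.
        """
        parts = urlsplit(page_url)
        host = (parts.hostname or "").lower()
        # Only http(s) pages can be whitelisted by host; file:, data: and
        # empty hosts fall through to the default-block branch.
        if parts.scheme in ("http", "https") and host:
            for pattern in self.whitelist:
                if self._host_matches(host, pattern):
                    return {"run": True, "infobar": False,
                            "reason": "whitelist:" + pattern}
            if self.auto_whitelist_bookmarks and host in self.bookmarked_hosts:
                return {"run": True, "infobar": False, "reason": "bookmarked"}
        return {"run": False, "infobar": True, "reason": "default-block"}

    def always_allow(self, page_url: str) -> None:
        """User chose 'always show plugins on this site' in the infobar."""
        host = (urlsplit(page_url).hostname or "").lower()
        if host:
            self.whitelist.add(host)


if __name__ == "__main__":
    # Constructed sample configuration and page URLs for a quick run.
    policy = PluginPolicy(whitelist={"*.google.com"},
                          bookmarked_hosts={"calebegg.com"})
    for url in ("https://mail.google.com/mail/", "http://evilgoogle.com/",
                "http://calebegg.com/", "http://untrusted.example/"):
        print(url, policy.decide(url))
```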
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
Perhaps Chrome could direct PDFs to the Google online PDF reader. Adobe Reader has a poor track record of security and most PDFs users will encounter won't use its features. Flash remains a tricky problem.
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
We've already started to tackle the issue (see the existing code that is turned on with --safe-plugins), we just haven't solved it. As several of us have said in the thread, we'd welcome additional contributions towards a robust plugin sandbox. However, if someone doesn't believe us when we (a) say it's harder than it looks and (b) give examples, there's not much we can do to convince him or her.

In the meantime, anyone who wants to run plugins sandboxed, and put up with the compatibility problems that result, is welcome to use the --safe-plugins switch. That's what it's for.

--Amanda

On Sat, Aug 8, 2009 at 10:15 AM, PhistucK phist...@chromium.org wrote:

> Sorry to disturb here, at the end of the line, but - are you not going to tackle this issue?
>
> ☆PhistucK
>
> --
> Portability is generally the result of advance planning rather than trench warfare involving #ifdef -- Henry Spencer (1992)
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
Obviously, but since there is a website (what started this thread) and people do run into issues (Help forums) with such a thing, is a specific solution for Flash, at least, coming up soon? People getting infected while using Chrome is... really, really, not optimal. (And frankly... kind of scares me.)

I know you are working hard on it, regardless of any complaints or mishaps, I appreciate all of the work that you are doing. I am not saying you are not trying to solve these problems. It is just that, from reading that thread, it seems like you simply said, "Hey, that is an Adobe issue, we are not the responsible party" and, yeah, OK, it may as well be, but Chrome is infected currently, so even the slightest specific exception for this type of attack is not that illogical. Right?

Thank you, all.

☆PhistucK

On Mon, Aug 10, 2009 at 00:31, Amanda Walker ama...@chromium.org wrote:

> We've already started to tackle the issue (see the existing code that is turned on with --safe-plugins), we just haven't solved it. As several of us have said in the thread, we'd welcome additional contributions towards a robust plugin sandbox. However, if someone doesn't believe us when we (a) say it's harder than it looks and (b) give examples, there's not much we can do to convince him or her.
>
> In the meantime, anyone who wants to run plugins sandboxed, and put up with the compatibility problems that result, is welcome to use the --safe-plugins switch. That's what it's for.
>
> --Amanda
>
> On Sat, Aug 8, 2009 at 10:15 AM, PhistucK phist...@chromium.org wrote:
>
> > Sorry to disturb here, at the end of the line, but - are you not going to tackle this issue?
> >
> > ☆PhistucK
> >
> > --
> > Portability is generally the result of advance planning rather than trench warfare involving #ifdef -- Henry Spencer (1992)
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
Sorry to disturb here, at the end of the line, but - are you not going to tackle this issue?

☆PhistucK
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
Jeremy, I can't see how it will make things any worse to punch these holes. You still fork Flash in its own process like you do now, only you sandbox it. How is it any worse?

This is just an observation: if I would write malware (which of course, I would never) I would just use Flash plugin exploits to be cross-browser compatible, and this renders the sandbox nearly useless for future attacks. What decent malware writer would bother with WebKit exploits? None!

Besides, if you look at the help forum of Chrome, you will see some people are starting to catch malware like this, which is btw how I got this evil site's URL; I would never click on my own such a foul looking site.

As for the auto-updating issue, I suggested a solution in one of my prev posts and I am sure you can have a word with Adobe for this.

In a sense Chrome makes it easier to infect itself(!) as you run plugins in the medium integrity level (Vista and above) and you normally install Chrome in the local user account, so no UAC prompt will help the user if some delicate file or DLL is written to the Chrome folder, and then it will do something never intended.

Also, one more note, Flash is special enough that if you would hard code the solution to it, you would anyway solve most infection problems in the world, and maybe even cancer... who knows?

And regarding what CPU said (and ignoring the auto-update) it seems that Flash does work flawlessly using your '--safe-plugins' switch, and doing this on that site does stop the attack (tbh, maybe the attack was stopped because Sun's Java died in the sandbox, but Ian said it was a Flash based attack).
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
On Wed, Aug 5, 2009 at 11:52 PM, yoav zilberberg yoav.zilberb...@gmail.com wrote:

> Jeremy, I can't see how it will make things any worse to punch these holes.

I never said it's worse...just that you couldn't make it airtight. Patches welcome. :-)

> You still fork Flash in its own process like you do now, only you sandbox it. How is it any worse?
>
> This is just an observation: if I would write malware (which of course, I would never) I would just use Flash plugin exploits to be cross-browser compatible, and this renders the sandbox nearly useless for future attacks. What decent malware writer would bother with WebKit exploits? None!
>
> Besides, if you look at the help forum of Chrome, you will see some people are starting to catch malware like this, which is btw how I got this evil site's URL; I would never click on my own such a foul looking site.
>
> As for the auto-updating issue, I suggested a solution in one of my prev posts and I am sure you can have a word with Adobe for this.
>
> In a sense Chrome makes it easier to infect itself(!) as you run plugins in the medium integrity level (Vista and above) and you normally install Chrome in the local user account, so no UAC prompt will help the user if some delicate file or DLL is written to the Chrome folder, and then it will do something never intended.
>
> Also, one more note, Flash is special enough that if you would hard code the solution to it, you would anyway solve most infection problems in the world, and maybe even cancer... who knows?
>
> And regarding what CPU said (and ignoring the auto-update) it seems that Flash does work flawlessly using your '--safe-plugins' switch, and doing this on that site does stop the attack (tbh, maybe the attack was stopped because Sun's Java died in the sandbox, but Ian said it was a Flash based attack).
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
On Aug 5, 2009, at 11:52 PM, yoav zilberberg wrote:

> Jeremy, I can't see how it will make things any worse to punch these holes. You still fork Flash in its own process like you do now, only you sandbox it. How is it any worse?

Please trust authoritative folks like Carlos when they tell you that if sandboxing Flash were something that could be done reliably, even with high effort, it would have been done by the Chrome team already. Features of Flash like direct network access through their own stack, direct access to GPU resources, access to the file system, and audio/video input are incredibly hard to sort out from regular Flash usage. At a minimum, they'll require code changes to Flash to help browsers mediate the access to those resources in a sandboxed environment. The current NPAPI interface doesn't have those contracts in place, and so the assumptions have been fixed and code written right up to the limit of those assumptions.

To see how it works for yourself, try the --safe-plugins flag and then see how well the Flash-using web at large works (and if/how things break). It's all tractable in time, and you're right that it's absolutely desirable to sandbox Flash, but doing it today will undoubtedly lead to a poor user experience.

If you'd like this situation to improve, might I suggest you help out by striking up a conversation with Adobe on the topic? In my personal interactions with their folks, they've been cordial and reasonable, and I'm sure they'd like to hear from a customer who's interested in seeing a safer Flash.

Regards

> This is just an observation: if I would write malware (which of course, I would never) I would just use Flash plugin exploits to be cross-browser compatible, and this renders the sandbox nearly useless for future attacks. What decent malware writer would bother with WebKit exploits? None!
>
> Besides, if you look at the help forum of Chrome, you will see some people are starting to catch malware like this, which is btw how I got this evil site's URL; I would never click on my own such a foul looking site.
>
> As for the auto-updating issue, I suggested a solution in one of my prev posts and I am sure you can have a word with Adobe for this.
>
> In a sense Chrome makes it easier to infect itself(!) as you run plugins in the medium integrity level (Vista and above) and you normally install Chrome in the local user account, so no UAC prompt will help the user if some delicate file or DLL is written to the Chrome folder, and then it will do something never intended.
>
> Also, one more note, Flash is special enough that if you would hard code the solution to it, you would anyway solve most infection problems in the world, and maybe even cancer... who knows?
>
> And regarding what CPU said (and ignoring the auto-update) it seems that Flash does work flawlessly using your '--safe-plugins' switch, and doing this on that site does stop the attack (tbh, maybe the attack was stopped because Sun's Java died in the sandbox, but Ian said it was a Flash based attack).
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
Alex, your reply irritates me so much that I am willing to take my chances, and if anyone (from @chromium) finds my answer insulting, e-mail me and I will remove myself forever from your lists, promise!

What kind of an answer is that? Do you know how this attack was carried out? Did you even read this thread before suggesting your comments? Even the start of your thread, "trust the force", is so arrogant, and while I don't know who Carlos is, I would think that even Carlos would know that if you intercepted file access you would have easily stopped this attack.

Jeremy was at least constructive, in suggesting I would patch it myself, but like I said, I don't know NPAPI nor do I know Flash for that matter. But I do know Windows, Alex, and whatever Flash does internally it cannot access the disk directly, right? (Of course not.) So just that simple test would have been enough.

And again, if anyone(!) from Chrome(!) finds my response offensive, reply here and I promise never to post here again with zero hard feelings.

nakro
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
Ian, well, I like your reply, so just tell me please for my own knowledge one thing: is there ever a reason to allow Flash (we are talking only Flash here) to fork WinMail.exe, for example?

I am a very light weight surfer, and I mostly read tech stuff, so my experience with Flash is mostly YouTube. Is this really something which any Flash application does? Does Flash really expect to have access to 'program files'? If Flash is expected to have access to it all, then you wouldn't have tried to sandbox it in the first place, right?

And btw, I read really a lot of the source code of Chrome, and I still do. I even used your sandbox API for various tricks, and I even submitted patches and expect to do more in the future.
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
No Adam, I did not submit patches to the sandbox :) I just used its APIs to forward calls from kernel32.dll to my own DLLs so I could inject code into VC.exe and force it to run in the idle priority class.

But I still don't get it. If Flash expects to be able to SendMessage, then you cannot sandbox it anyway, as there is no limit to what can be done. And of course, I also look forward to HTML5.

All I am saying is that one of the biggest selling points of Chrome is that it is secure (no drive-by malware anymore) and I was hoping for such a good product as Chrome to protect me. There are simple statistics to be had here: do most Flash apps expect to be able to SendMessage? If so, I admit, this is a hopeless case. But if not, then you should have added an option in Chrome to say 'sandbox Flash by default' and then you could whitelist some sites you trust.
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
On Aug 6, 2009, at 1:43 AM, yoav zilberberg wrote:

> No Adam, I did not submit patches to the sandbox :) I just used its APIs to forward calls from kernel32.dll to my own DLLs so I could inject code into VC.exe and force it to run in the idle priority class.
>
> But I still don't get it. If Flash expects to be able to SendMessage, then you cannot sandbox it anyway, as there is no limit to what can be done. And of course, I also look forward to HTML5.
>
> All I am saying is that one of the biggest selling points of Chrome is that it is secure (no drive-by malware anymore)

--disable-plugins or --safe-plugins will get you there. Just don't expect full web compatibility.

What you're expressing is the very real tension between what users currently expect and the security implications of how those expectations are realized today. Browser vendors are caught in the middle -- this is by way of explanation, not excuse. I think everyone working on Chrome wishes Flash were sandboxable and is frustrated with the current situation. If you've got ideas for how to make --safe-plugins work better with real-world Flash, I suspect those ideas would be well received. Accusing the team of gross negligence probably won't help you get patches landed any faster, though.

> and I was hoping for such a good product as Chrome to protect me. There are simple statistics to be had here: do most Flash apps expect to be able to SendMessage? If so, I admit, this is a hopeless case. But if not, then you should have added an option in Chrome to say 'sandbox Flash by default' and then you could whitelist some sites you trust.

I think to Adam's point, we'd like a relatively complete sandbox (i.e., one that runs in a pre-defined policy and in which one failure won't lead to many other kinds of breaks). Take the example of 3D hardware access: drivers run in the kernel. Any problem there will invalidate whatever work is done at, say, the filesystem level.

It's likely true that most of the world's Flash doesn't need to do insecure things. Figuring out a sane way to either tell Flash "no" in a way that doesn't out-and-out crash movies or in some other way give users control seems an area that could use more exploration if you've got the time.

Regards
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
Alex, let me get it, are you part of the Chrome team? I don't recall accusing anyone from Chrome, but I do recall not liking your reply, so just let me know if you are part of the devs of Chrome please.

I will be honest, if you are, then I think it is time for me to move to a different browser. If you are not, then don't decide if I accuse the Chrome team or not, let them tell me, and like I said I would remove myself in a second and with no hard feelings.
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
I don't really understand why you find Alex's message so frustrating. We'd love to make --safe-plugins the default. One road to getting there is having more people use the option and find the incompatibilities. We'd certainly welcome patches that improve its compatibility. If we can make it work well enough, then we can turn it on by default and everyone wins.

Adam

On Thu, Aug 6, 2009 at 9:46 AM, yoav zilberberg yoav.zilberb...@gmail.com wrote:

> Alex, let me get it, are you part of the Chrome team? I don't recall accusing anyone from Chrome, but I do recall not liking your reply, so just let me know if you are part of the devs of Chrome please.
>
> I will be honest, if you are, then I think it is time for me to move to a different browser. If you are not, then don't decide if I accuse the Chrome team or not, let them tell me, and like I said I would remove myself in a second and with no hard feelings.
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
Yoav, everyone on this thread is a Chromium developer and almost everyone posting in this thread (not me) are some of the top developers working on Chrome, and many of them have spent a good deal of time working on sandbox related issues. All of us have a healthy disrespect for the impossible and would definitely like to see plugins sandboxed by default, but it's a very difficult problem. We're working hard on many fronts like making more stuff possible without plugins (HTML 5), new technologies (NaCl), etc. to change the status quo.

I know it doesn't mean much to you, but I've met and/or worked with many of the developers that reached the conclusion that sandboxing plugins isn't practical (at least by default) and I can say that they're not only some of the smartest developers I've ever met, but that the decision was also painful to them.

If you wanted to help, patches would be great. But I think it'd also be helpful if you turned it on and filed bugs when you hit compat issues.

I'm not sure there's much else to say on the topic...

J

On Thu, Aug 6, 2009 at 9:50 AM, Adam Barth aba...@chromium.org wrote:

> I don't really understand why you find Alex's message so frustrating. We'd love to make --safe-plugins the default. One road to getting there is having more people use the option and find the incompatibilities. We'd certainly welcome patches that improve its compatibility. If we can make it work well enough, then we can turn it on by default and everyone wins.
>
> Adam
>
> On Thu, Aug 6, 2009 at 9:46 AM, yoav zilberberg yoav.zilberb...@gmail.com wrote:
>
> > Alex, let me get it, are you part of the Chrome team? I don't recall accusing anyone from Chrome, but I do recall not liking your reply, so just let me know if you are part of the devs of Chrome please.
> >
> > I will be honest, if you are, then I think it is time for me to move to a different browser. If you are not, then don't decide if I accuse the Chrome team or not, let them tell me, and like I said I would remove myself in a second and with no hard feelings.
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
Hi,

On Thu, Aug 6, 2009 at 6:08 PM, Jeremy Orlow jor...@chromium.org wrote:

> Yoav, everyone on this thread is a Chromium developer and almost everyone posting in this thread (not me) are some of the top developers working on Chrome, and many of them have spent a good deal of time working on sandbox related issues. All of us have a healthy disrespect for the impossible and would definitely like to see plugins sandboxed by default, but it's a very difficult problem. We're working hard on many fronts like making more stuff possible without plugins (HTML 5), new technologies (NaCl), etc. to change the status quo.

Sorry to intrude, but can you explain which NaCl you are talking about? Is it this one: http://nacl.cr.yp.to/

And what kind of work/use is being thought of for NaCl + Chromium? I'm asking this because I've looked at NaCl recently and it seems very interesting..

kind regards,

> I know it doesn't mean much to you, but I've met and/or worked with many of the developers that reached the conclusion that sandboxing plugins isn't practical (at least by default) and I can say that they're not only some of the smartest developers I've ever met, but that the decision was also painful to them.
>
> If you wanted to help, patches would be great. But I think it'd also be helpful if you turned it on and filed bugs when you hit compat issues.
>
> I'm not sure there's much else to say on the topic...
>
> J
>
> On Thu, Aug 6, 2009 at 9:50 AM, Adam Barth aba...@chromium.org wrote:
>
> > I don't really understand why you find Alex's message so frustrating. We'd love to make --safe-plugins the default. One road to getting there is having more people use the option and find the incompatibilities. We'd certainly welcome patches that improve its compatibility. If we can make it work well enough, then we can turn it on by default and everyone wins.
> >
> > Adam
> >
> > On Thu, Aug 6, 2009 at 9:46 AM, yoav zilberberg yoav.zilberb...@gmail.com wrote:
> >
> > > Alex, let me get it, are you part of the Chrome team? I don't recall accusing anyone from Chrome, but I do recall not liking your reply, so just let me know if you are part of the devs of Chrome please.
> > >
> > > I will be honest, if you are, then I think it is time for me to move to a different browser. If you are not, then don't decide if I accuse the Chrome team or not, let them tell me, and like I said I would remove myself in a second and with no hard feelings.

--
Miguel Sousa Filipe
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
On Thu, Aug 6, 2009 at 10:16 AM, Miguel F Mascarenhas Sousa Filipe miguel.fil...@gmail.com wrote:

> Hi,
>
> On Thu, Aug 6, 2009 at 6:08 PM, Jeremy Orlow jor...@chromium.org wrote:
>
> > Yoav, everyone on this thread is a Chromium developer and almost everyone posting in this thread (not me) are some of the top developers working on Chrome, and many of them have spent a good deal of time working on sandbox related issues. All of us have a healthy disrespect for the impossible and would definitely like to see plugins sandboxed by default, but it's a very difficult problem. We're working hard on many fronts like making more stuff possible without plugins (HTML 5), new technologies (NaCl), etc. to change the status quo.
>
> Sorry to intrude, but can you explain which NaCl you are talking about? Is it this one: http://nacl.cr.yp.to/

I was talking about this one: http://code.google.com/p/nativeclient/

> And what kind of work/use is being thought of for NaCl + Chromium? I'm asking this because I've looked at NaCl recently and it seems very interesting..
>
> kind regards,
>
> > I know it doesn't mean much to you, but I've met and/or worked with many of the developers that reached the conclusion that sandboxing plugins isn't practical (at least by default) and I can say that they're not only some of the smartest developers I've ever met, but that the decision was also painful to them.
> >
> > If you wanted to help, patches would be great. But I think it'd also be helpful if you turned it on and filed bugs when you hit compat issues.
> >
> > I'm not sure there's much else to say on the topic...
> >
> > J
> >
> > On Thu, Aug 6, 2009 at 9:50 AM, Adam Barth aba...@chromium.org wrote:
> >
> > > I don't really understand why you find Alex's message so frustrating. We'd love to make --safe-plugins the default. One road to getting there is having more people use the option and find the incompatibilities. We'd certainly welcome patches that improve its compatibility. If we can make it work well enough, then we can turn it on by default and everyone wins.
> > >
> > > Adam
> > >
> > > On Thu, Aug 6, 2009 at 9:46 AM, yoav zilberberg yoav.zilberb...@gmail.com wrote:
> > >
> > > > Alex, let me get it, are you part of the Chrome team? I don't recall accusing anyone from Chrome, but I do recall not liking your reply, so just let me know if you are part of the devs of Chrome please.
> > > >
> > > > I will be honest, if you are, then I think it is time for me to move to a different browser. If you are not, then don't decide if I accuse the Chrome team or not, let them tell me, and like I said I would remove myself in a second and with no hard feelings.
>
> --
> Miguel Sousa Filipe
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
On Thu, Aug 6, 2009 at 1:16 PM, Miguel F Mascarenhas Sousa Filipe miguel.fil...@gmail.com wrote:

Hi,

On Thu, Aug 6, 2009 at 6:08 PM, Jeremy Orlow jor...@chromium.org wrote:

Yoav, everyone on this thread is a Chromium developer, and almost everyone posting in this thread (not me) is one of the top developers working on Chrome, and many of them have spent a good deal of time working on sandbox-related issues. All of us have a healthy disrespect for the impossible and would definitely like to see plugins sandboxed by default, but it's a very difficult problem. We're working hard on many fronts, like making more stuff possible without plugins (HTML 5), new technologies (NaCl), etc., to change the status quo.

Sorry to intrude, but can you explain which NaCl you are talking about? Is it this one: http://nacl.cr.yp.to/ And what kind of work/use is being thought of for NaCl + Chromium? I'm asking this because I've looked at NaCl recently and it seems very interesting.

Nope, this one: http://code.google.com/p/nativeclient/

TVL

kind regards,

I know it doesn't mean much to you, but I've met and/or worked with many of the developers that reached the conclusion that sandboxing plugins isn't practical (at least by default), and I can say that they're not only some of the smartest developers I've ever met, but that the decision was also painful to them. If you wanted to help, patches would be great. But I think it'd also be helpful if you turned it on and filed bugs when you hit compat issues. I'm not sure there's much else to say on the topic...

J

On Thu, Aug 6, 2009 at 9:50 AM, Adam Barth aba...@chromium.org wrote:

I don't really understand why you find Alex's message so frustrating. We'd love to make --safe-plugins the default. One road to getting there is having more people use the option and find the incompatibilities. We'd certainly welcome patches that improve its compatibility. If we can make it work well enough, then we can turn it on by default and everyone wins.

Adam

On Thu, Aug 6, 2009 at 9:46 AM, yoav zilberberg yoav.zilberb...@gmail.com wrote:

Alex, let me get it, are you part of the Chrome team? I don't recall accusing anyone from Chrome, but I do recall not liking your reply, so just let me know if you are part of the devs of Chrome please. I will be honest: if you are, then I think it is time for me to move to a different browser; if you are not, then don't decide if I accuse the Chrome team or not, let them tell me, and like I said I would remove myself in a second and with no hard feelings.

--
Miguel Sousa Filipe
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
Just read the entire thread. It looks like this thread has gotten a little more... mucky than it ever needed to be. What is going on here?

On Aug 6, 11:16 am, yoav zilberberg yoav.zilberb...@gmail.com wrote:

I apologize, I had no idea all of you are Chrome devs, and I shall indeed happily remove myself. Thanks for answering, and best of luck to you all.

From what I've seen, the Chromium developers seem very reasonable, and quite knowledgeable. I don't see any reason for the tension we've seen here, and certainly don't see a reason why you should remove yourself from the Chromium community. It's a shame you feel that way, Yoav =\
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
On Tue, Aug 4, 2009 at 11:29 PM, Ian Fette i...@chromium.org wrote:

So far as I can tell, the page is not instantiating Java. It's instantiating Acrobat / Flash, and perhaps that instantiates Java? At any rate, so far as I can tell there's little that can be done here.

I presume you mean little to be done in Chromium? Has anyone reported the problem(s) to Adobe?

2009/8/4 nakro yoav.zilberb...@gmail.com

Ok, but just so you know, I also checked this site again(!) with the --safe-plugins switch, and since I had Process Explorer open with "always on top", and since Sun Java dies with this safe-plugins mode, it would seem that it was Java who triggered this mess, and since you do not ask for permissions to run Java code with Chrome, it is a bit creepy. But ok, if you say this is kosher, I take your word for it.
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
On Wed, Aug 5, 2009 at 6:03 PM, cpu c...@chromium.org wrote:

On Aug 4, 3:36 pm, nakro yoav.zilberb...@gmail.com wrote:

Ian, I have a lot of respect for you Chrome devs, but I could never figure out why you don't just punch holes in the sandbox when Flash or Java or maybe even Reader work.

In general because sandboxing code that you don't have the source code for, and that can update at any time, is asking for trouble. There are several things that are hard to open holes for with Flash, for example its own self-update.

In addition, I think the holes you'd have to open would make it very easy for someone to break out of the sandbox. Of course, most exploits not specifically targeted at Chromium would be foiled, so there still is some benefit.

J
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
I reached out to Nakro and got the URL. I've looped in a subset of people (secur...@chromium.org) and am looking at this now.

2009/8/4 nakro yoav.zilberb...@gmail.com

Hi, I sent this to your agl an hour back as he showed interest in sites which might break out of the sandbox, but maybe he is not online now or something. I do not want to post a link here, for obvious reasons, so if anyone with an @chromium mail contacts me I will send you the link, and you better hurry before the site changes; it already did twice, and it does do some impossible things.

yoav
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
So far as I can tell, this URL is basically exploiting Reader and Flash. We don't sandbox plugins currently (see the list / blog posts for history), so sadly this is working as expected.

2009/8/4 nakro yoav.zilberb...@gmail.com

Hi, I sent this to your agl an hour back as he showed interest in sites which might break out of the sandbox, but maybe he is not online now or something. I do not want to post a link here, for obvious reasons, so if anyone with an @chromium mail contacts me I will send you the link, and you better hurry before the site changes; it already did twice, and it does do some impossible things.

yoav
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
Ok, but just so you know, I also checked this site again(!) with the --safe-plugins switch, and since I had Process Explorer open with "always on top", and since Sun Java dies with this safe-plugins mode, it would seem that it was Java who triggered this mess, and since you do not ask for permissions to run Java code with Chrome, it is a bit creepy. But ok, if you say this is kosher, I take your word for it.
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
So far as I can tell, the page is not instantiating Java. It's instantiating Acrobat / Flash, and perhaps that instantiates Java? At any rate, so far as I can tell there's little that can be done here.

2009/8/4 nakro yoav.zilberb...@gmail.com

Ok, but just so you know, I also checked this site again(!) with the --safe-plugins switch, and since I had Process Explorer open with "always on top", and since Sun Java dies with this safe-plugins mode, it would seem that it was Java who triggered this mess, and since you do not ask for permissions to run Java code with Chrome, it is a bit creepy. But ok, if you say this is kosher, I take your word for it.
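The triage Ian describes above, checking what the served page actually instantiates before blaming a particular plugin, can be done statically on the HTML. The scanner below is an added example, not code from this thread or from Chromium: it walks object, embed, applet, param and iframe tags and maps ActiveX class ids, MIME types and file extensions to the plugin that would handle them, keeping the attribute that gave each one away as evidence. The sample page is constructed for the example, and the CLSIDs are the ones those controls are commonly registered under on Windows, assumed here rather than taken from the thread. The caveat that matches the "the site changes" observation in this thread: a static scan sees only what is in the HTML as served, so a plugin instance injected by (obfuscated) script is invisible to it, and an instrumented browser run (for instance with --safe-plugins and Process Explorer watching which plugin process appears) is still needed to confirm.

```python
import os
from html.parser import HTMLParser
from urllib.parse import urlparse

# ActiveX class ids under which these controls are commonly registered on
# Windows (assumed here from the usual vendor registrations, not from the thread).
CLSID_TO_PLUGIN = {
    "d27cdb6e-ae6d-11cf-96b8-444553540000": "flash",    # Shockwave Flash
    "ca8a9780-280d-11cf-a24d-444553540000": "acrobat",  # Adobe Reader (AcroPDF)
    "8ad9c840-044e-11d1-b3e9-00805f499d93": "java",     # Java Plug-in
}
MIME_TO_PLUGIN = {
    "application/x-shockwave-flash": "flash",
    "application/pdf": "acrobat",
    "application/x-java-applet": "java",
    "application/x-java-vm": "java",
}
EXT_TO_PLUGIN = {".swf": "flash", ".pdf": "acrobat", ".jar": "java", ".class": "java"}


def plugin_for_url(url):
    """Map a URL or path to the plugin that would handle it by file extension, or None."""
    path = urlparse(url.strip()).path.lower()
    return EXT_TO_PLUGIN.get(os.path.splitext(path)[1])


class PluginScanner(HTMLParser):
    """Records every plugin instantiation visible in the served HTML.

    hits maps plugin name -> list of evidence strings (tag plus the attribute
    that gave it away), so a reviewer can see why a plugin was flagged.
    """

    def __init__(self):
        super().__init__()
        self.hits = {}

    def _hit(self, plugin, tag, evidence):
        if plugin:
            self.hits.setdefault(plugin, []).append(f"<{tag}> {evidence}")

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "applet":
            # <applet> is Java by definition, whatever the attributes say.
            self._hit("java", tag, a.get("code") or a.get("archive") or "(no code attr)")
        elif tag in ("object", "embed"):
            clsid = a.get("classid", "").lower().replace("clsid:", "")
            self._hit(CLSID_TO_PLUGIN.get(clsid), tag, f"classid={clsid}")
            mime = a.get("type", "").lower().split(";")[0].strip()
            self._hit(MIME_TO_PLUGIN.get(mime), tag, f"type={mime}")
            for attr in ("data", "src", "code"):
                if attr in a:
                    self._hit(plugin_for_url(a[attr]), tag, f"{attr}={a[attr]}")
        elif tag == "param" and a.get("name", "").lower() in ("movie", "src", "url"):
            # <param name="movie"> inside <object> is the classic Flash loader.
            self._hit(plugin_for_url(a.get("value", "")), tag,
                      f"{a.get('name')}={a.get('value')}")
        elif tag == "iframe" and "src" in a:
            # A hidden iframe pointing at a .pdf hands the document to Reader.
            self._hit(plugin_for_url(a["src"]), tag, f"src={a['src']}")


def scan_plugins(html):
    """Return {plugin: [evidence, ...]} for every plugin the static HTML would load."""
    scanner = PluginScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.hits


# Constructed sample, modelled on the kind of page discussed in the thread:
# a 1x1 Flash object plus a zero-size iframe to a PDF, and no Java at all.
SAMPLE_PAGE = """
<html><body>
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="1" height="1">
  <param name="movie" value="load.swf">
  <embed src="load.swf" type="application/x-shockwave-flash" width="1" height="1">
</object>
<iframe src="doc.pdf" width="0" height="0"></iframe>
<script>/* an obfuscated loader here could inject more; a static scan cannot see it */</script>
</body></html>
"""

if __name__ == "__main__":
    for plugin, evidence in scan_plugins(SAMPLE_PAGE).items():
        print(plugin)
        for line in evidence:
            print("  ", line)
```

Run against the sample, the scanner reports Flash (object classid, param movie, embed src and type) and Acrobat (the hidden iframe) and nothing for Java, which is the same conclusion Ian reached by looking at the page; an empty result for a page that still spawns a plugin process in Process Explorer is itself a finding, because it means the instantiation is happening from script rather than from the markup.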
[chromium-dev] Re: Urgent, a very evil site i think which does evil things (no joke)
Ian, I have a lot of respect for you Chrome devs, but I could never figure out why you don't just punch holes in the sandbox when Flash or Java or maybe even Reader work. These are by far the most used plugins in the world (where Flash is #1, I would think). I do recall even reading an area of the sandbox which does this for Flash, and I also recall one of you saying that if you do it then Flash could not be auto-updated. But you are Google; I am sure you can talk to Adobe and maybe run Flash on startup without the sandbox, then if it does not want to update, you kill it and force it into the sandbox when it is needed. Actually, since I know nothing about NPAPI I am probably talking BS, so thanks for checking it! And have fun.