[Dev] enforcing priviliges of web apps

Patrick Ohly patrick.ohly at intel.com
Wed May 14 15:01:46 GMT 2014


On Wed, 2014-05-14 at 17:41 +0300, Jussi Laako wrote:
> On 14.5.2014 17:06, Patrick Ohly wrote:
> > The problem remains that the current D-Bus mechanism does not allow
> > passing this extra information.
> 
> We just included appctx as part of our dbus API.

That works because you have full control over the D-Bus API. It does not
work when trying to add access control to an existing API, because it
would break the API for apps already using it.

At the moment, the patched dbus-daemon will tell clients when (and only
when) they ask what the application context of a certain peer is (via
GetConnectionSmackContext). This information is not part of the message
itself. I don't know how extensible the on-the-wire D-Bus message format
is. Perhaps it would be possible to extend the header such that the
extra information can be added without affecting parsing by D-Bus
clients which are not aware of this extension.

This does not address the file access issues pointed out by Rafał, which
IMHO is the bigger issue.

My feeling at the moment is that several interested bystanders (me
included) speculate about how Crosswalk could be secured, but do we have
the actual decision makers and implementers involved, too? Who owns
security of the web runtime?

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.





More information about the Dev mailing list