Re: What defines a "plugin"? WRT sandboxing?

From: Adam Barth <w3c@adambarth.com>
Date: Mon, 25 Jan 2010 22:22:29 +0000
Message-ID: <7789133a1001251422l13ca3781h4674f9c6a4456f1b@mail.gmail.com>
To: Leonard Rosenthol <lrosenth@adobe.com>
Cc: Maciej Stachowiak <mjs@apple.com>, "public-html@w3.org" <public-html@w3.org>

On Mon, Jan 25, 2010 at 9:24 PM, Leonard Rosenthol <lrosenth@adobe.com> wrote:
> What exactly are we trying to prevent?

We're trying to prevent malicious content from leveraging plug-ins to
escape the security restrictions imposed by @sandbox.  Presently,
there exist a great many plug-ins that do not understand the sandbox
security model and therefore would allow sandboxed content to
circumvent the restrictions of the sandbox.  Therefore, the only safe
course of action is to prevent sandboxed content from interacting with
these plug-ins.

To answer your specific question, if Safari allowed sandboxed content
to instantiate a QuickTime <video> that circumvented the sandbox
security model, I would email security@apple.com and they would issue
a patch to fix the vulnerability.  If Safari allowed sandboxed content
to instantiate a Gears <object> that circumvented the sandbox security
model, I can either email security@apple.com or security@google.com.
If I email security@apple.com, there's not much they can do except
prevent the content from instantiating Gears.  If I email
security@google.com, there is not much they can do short of preventing
Gears from being used by all content.  Instead of waiting for the
vulnerability to be reported in a shipping product, we're fixing the
vulnerability in the specification by doing what security@apple.com
would have to do anyway.

Adam
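The argument above is that sandboxed content must never be allowed to reach a plug-in, because the plug-in does not know the sandbox exists. The following is an added example, not code from Adam's message or from any W3C specification text: it models how an <iframe sandbox> attribute is turned into a set of sandboxing flags and shows that, unlike scripts, forms or navigation, the plug-in restriction has no token that lifts it. The token names (allow-same-origin, allow-forms, allow-scripts, allow-top-navigation) are the ones defined by the HTML spec; the flag record, the function names and the sample inputs are assumptions made for illustration. The last helper encodes a caveat a reviewer of sandboxed pages should know: allow-scripts together with allow-same-origin lets the embedded document reach its parent's DOM and strip its own sandbox attribute.

```javascript
// Added example (not from the original message or the HTML spec text).
// Models the sandboxing flag set derived from an <iframe sandbox="..."> value
// and the plug-in instantiation decision a user agent makes from it.

// Tokens defined by the HTML spec (assumption: this is the full set we model).
const KNOWN_TOKENS = new Set([
  "allow-same-origin",
  "allow-forms",
  "allow-scripts",
  "allow-top-navigation",
]);

// Compute sandboxing flags for a frame. `sandboxAttr` is the raw attribute
// value, or null/undefined when the attribute is absent. In the returned
// record, true means "this restriction is in force". Tokens are matched
// ASCII case-insensitively, as the spec requires; unknown tokens are ignored
// for policy purposes but reported so an audit can flag typos.
function sandboxingFlags(sandboxAttr) {
  if (sandboxAttr === null || sandboxAttr === undefined) {
    // No attribute at all: the frame is not sandboxed.
    return {
      navigation: false, origin: false, forms: false,
      scripts: false, plugins: false, unknownTokens: [],
    };
  }
  const tokens = sandboxAttr
    .trim()
    .split(/\s+/)
    .filter(Boolean)
    .map((t) => t.toLowerCase());
  const has = (t) => tokens.includes(t);
  return {
    navigation: !has("allow-top-navigation"),
    origin: !has("allow-same-origin"),
    forms: !has("allow-forms"),
    scripts: !has("allow-scripts"),
    // Plug-ins stay disabled whenever the attribute is present: there is no
    // token that clears this flag, which is the point of the message above.
    plugins: true,
    unknownTokens: tokens.filter((t) => !KNOWN_TOKENS.has(t)),
  };
}

// Decision when sandboxed content tries to instantiate a plug-in
// (<object>, <embed>, or a <video> backed by a plug-in).
function mayInstantiatePlugin(flags) {
  return !flags.plugins;
}

// Caveat: with scripts enabled and the origin not sandboxed, the embedded
// document is same-origin with its embedder and can reach up and remove the
// sandbox attribute, so the sandbox is only as strong as the embedded content.
function canRemoveOwnSandbox(flags) {
  return !flags.scripts && !flags.origin;
}

// Constructed sample attribute values for a quick audit printout.
const SAMPLES = [
  null,                                       // no sandbox attribute
  "",                                         // fully sandboxed
  "allow-scripts",
  "allow-scripts allow-same-origin",
  "ALLOW-SCRIPTS allow-plugins",              // hypothetical, non-existent token
];

function auditSamples() {
  return SAMPLES.map((value) => {
    const flags = sandboxingFlags(value);
    return {
      sandbox: value,
      pluginsAllowed: mayInstantiatePlugin(flags),
      selfEscape: canRemoveOwnSandbox(flags),
      unknownTokens: flags.unknownTokens,
    };
  });
}

for (const row of auditSamples()) {
  console.log(JSON.stringify(row));
}
```

Run with node; the audit shows plug-ins permitted only for the frame with no sandbox attribute, and the self-escape flag raised only for the allow-scripts allow-same-origin combination.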

Received on Monday, 25 January 2010 22:23:29 UTC