
Re: text/sandboxed-html

From: Maciej Stachowiak <mjs@apple.com>
Date: Thu, 10 Jun 2010 16:33:40 -0700
Cc: Adam Barth <w3c@adambarth.com>, Artur Adib <arturadib@gmail.com>, public-html@w3.org, Leonard Rosenthol <lrosenth@adobe.com>, Ian Hickson <ian@hixie.ch>
Message-id: <2E2A0B7E-1FB2-4EB4-8CE5-590D67548F28@apple.com>
To: robert@ocallahan.org

On Jun 10, 2010, at 2:24 PM, Robert O'Callahan wrote:

> On Thu, Jun 10, 2010 at 5:21 PM, Adam Barth <w3c@adambarth.com> wrote:
> I guess I don't understand the transition plan.  Would we eventually
> remove support for plug-ins that don't understand sandboxing?  If not,
> couldn't an attacker always use XYZ random plug-in to break the
> security properties?
> 
> Users that don't have XYZ random plugin installed (i.e. almost all users) would be protected.

Unless XYZ random plugin is "the old version of some very popular plugin". I'm reasonably confident that at least Flash, Java and Silverlight are general-purpose enough to allow circumvention of any of the sandboxed iframe defenses, and I'm not confident enough in users having the latest versions of those to consider that a strong security measure.

In the long run, I think it makes a lot more sense to have a feature that only allows plugins that respect sandboxing restrictions. If we want a shorter-term feature to allow plugins, then it would be good to have a clear transition story.

Regards,
Maciej
Received on Thursday, 10 June 2010 23:34:13 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:39:18 UTC