W3C home > Mailing lists > Public > www-svg@w3.org > August 2003

Re: SVG1.2 and network sockets was: SVG1.2 and web applications

From: Robin Berjon <robin.berjon@expway.fr>
Date: Mon, 18 Aug 2003 19:44:24 +0200
Message-ID: <3F411078.6070008@expway.fr>
To: Thomas DeWeese <Thomas.DeWeese@Kodak.com>
Cc: www-svg@w3.org

Thomas DeWeese wrote:
> Robin Berjon wrote:
>> Providing the ability to open sockets does not open such security 
>> issues as Randy or you describe. It takes opening a more than that to 
>> get something as insecure as Outlook.
> 
>     Don't be so sure.  It is quite common for socket requests from
> a 'secure' set of hosts to be treated differently from socket
> requests from other 'outside' hosts.  If an SVG application can open
> arbitrary sockets from a machine it means that among other
> possabilities the machine can almost certainly be used as an
> 'open mail relay' (just open a connection to port 25 on the
> associated mail server), downloading of internal corperate web
> sites, many environments would allow rlogin from a 'trusted' host
> given an appropriate login with no password.  Perhaps these are
> not as bad as 'Outlook' but they would be more than enough to
> ban SVG from every corporate network that had an IT department
> that knew anything.

Yes. Sorry if I was unclear, I didn't mean to say that there were *no* security 
issues, just trying to point out that it didn't lend itself to Outlook-style 
trojans and such.

I am quite concerned in getting this "right", which is why I try to claims that 
I believe are false. The feature-set that is made available by a simple socket 
API is such that imho it's well-worth considering it very seriously as it could 
bring many new users to SVG. That's why I asked for input on this.

>     The Java Sandbox permissions are the way they are for very good
> reasons (connect back only to the server you came from) - lots of people
> have looked at them and I believe they have been made as permissive as
> possible without involving a knowlegable person (and often the person
> at the computer can't be counted on to be  knowlegable - remeber most
> Outlook trogan horses/viruses require user action! :)

I'll grant eagerly you that "prompt the user to accept" doesn't satisfy me. 
People buy enough herbal penis enhancing medicine to make spam profitable, 
people will probably hit "yes" for "do you want to connect to evilcrackers.com:25?".

The Java Sandbox approach is limiting but certainly better than the "everything 
must go through a small subset of HTTP" approach that getURL/postURL currently 
offer. It only takes a few lines of code to write a proxy that redirects all 
traffic to port X to foo.com:X, and that is much better than converting 
everything to HTTP. I could live with that.

>     It concerns me that you seem to consider this such a minor issue.
> Honestly, one small misstep here can very effectively kill SVG.

Sorry if I was unclear, I was concerned with trojans all of a sudden becoming 
portable to wherever SVG works or DDoS attacks not previously possible, two 
claims that I believe to be untrue. I do not in any way consider this a minor 
issue, which is also why I am ready to put energy into separating the real 
issues from the false ones.

>     I agree that a highly restrictive set of protocols is probably
> bad, but one must also remember that in a web context you are often
> restricted to http as many corporate firewalls will block anything
> else.  This doesn't mean that you shouldn't offer anything else, but
> it does mean that HTTP and HTTP based protocols deserve extra attention.

Yes, but possibly not for long. People have naturally noticed that many things 
can now be done over HTTP that weren't done before, and there are HTTP-filtering 
proxies that block some forms of traffic. If a company wishes to block IM/IRC 
and someone writes a client that does that over HTTP, it won't be long before 
you find products to intercept that :)

-- 
Robin Berjon <robin.berjon@expway.fr>
Research Engineer, Expway        http://expway.fr/
7FC0 6F5F D864 EFB8 08CE  8E74 58E6 D5DB 4889 2488
Received on Monday, 18 August 2003 13:44:32 GMT

This archive was generated by hypermail 2.3.1 : Friday, 8 March 2013 15:54:25 GMT