System Information API: Two isses (monitoring process lifetime and Permission nature)

The following comment contains detailed information about a few issues
that were identified during a recent security analysis of 13 W3C
standards, organized by ENISA (European Network and Information Security
Agency), and performed by the DistriNet Research Group (K.U. Leuven,

The complete report is available at
(*), and contains information about the process, the discovered
vulnerabilities and recommendations towards improving overall security
in the studied specifications.


SYSINFO-SECURE-1.Monitoring Lifetime: The specification discusses a way
to launch a background monitoring process, that invokes a callback
handler if the location has changed. It briefly mentions that there is a
maximum lifetime. The specification does not provide a cocnrete value
for the maximum lifetime, nor does it provide any requirements for the
lifetime of a monitor process. For instance, such a process should also
terminate when the associated document no longer exists. 

SYSINFO-USER-1.Permission Nature: The specification does not impose that
the nature of the permission (one-shot or monitoring) must be made clear
when asking for consent. The difference between permission for one-shot
access and launching a monitoring process is quite important.
Additionally, stored one-shot permissions are very similar to the
monitoring process!

(*) HTML version of the report is available as well:
Philippe De Ryck
K.U.Leuven, Dept. of Computer Science


Received on Wednesday, 3 August 2011 17:53:12 UTC