Two Geolocation issues

The following comment contains detailed information about a few issues
that were identified during a recent security analysis of 13 W3C
standards, organized by ENISA (European Network and Information Security
Agency), and performed by the DistriNet Research Group (K.U. Leuven,

The complete report is available at
(*), and contains information about the process, the discovered
vulnerabilities and recommendations towards improving overall security
in the studied specifications.


GEOLOC-SECURE-1.Monitoring Lifetime: The specification discusses a way
to launch a background monitoring process, that invokes a callback
handler if the location has changed. It does not explicitly specify the
lifetime of a watchPosition process, except when it is cancelled by the
caller. Such a process should terminate when the associated document no
longer exists. 

GEOLOC-USER-1.Permission Nature: The specification imposes a requirement
on the permission UI, stating that the origin of the document must be
shown. However, it does not impose that the nature of the permission
(one-shot or monitoring) must be made clear. The difference between
permission for a one-shot location retrieval or launching a monitoring
process is quite important. Additionally, stored one-shot permissions
are very similar to a monitoring process!

(*) HTML version of the report is available as well:
Philippe De Ryck
K.U.Leuven, Dept. of Computer Science


Received on Wednesday, 3 August 2011 17:45:41 UTC