Re: [css-shaders] CSS shaders for custom filters (ACTION-3072) from Vincent Hardy on 2011-10-05 (www-style@w3.org from October 2011)

From: Vincent Hardy <vhardy@adobe.com>
Date: Wed, 5 Oct 2011 15:31:00 -0700
To: Chris Marrin <cmarrin@apple.com>
CC: "www-style@w3.org CSS" <www-style@w3.org>, "public-fx@w3.org" <public-fx@w3.org>, SVG WG <public-svg-wg@w3.org>
Message-ID: <CAB2285B.1B7C6%vhardy@adobe.com>

[...]
>> 
>> So you are suggesting to reference the following specifically, is that
>>right?
>> 
>>http://www.khronos.org/registry/webgl/specs/latest/#SUPPORTED_GLSL_CONSTR
>>UCTS
>
>Both that section (section 4.3) and section 6 "Differences Between WebGL
>and OpenGL ES 2.0" would be useful references.

[vh] ok, I'll add these references.

>
>>> 
>>> Finally, it's good that you include section 6.3 on security. That is
>>>obviously the main sticking point of WebGL, and of WebCL if and when it
>>>becomes available. But I don't think you should characterize Denial of
>>>Service as the only real security concern. WebGL represents the first
>>>exposure of an API of the complexity of OpenGL to the web. GLSL is a
>>>programming language which, unlike JavaScript, executes instructions
>>>directly on the host machine. Exposing this kind of functionality to
>>>content authors is unprecedented, and opens up brand new avenues for
>>>malicious exploits. For that reason these drivers need to be hardened
>>>against attacks like never before.
>>> 
>>> As you say, this work is ongoing and I believe that WebGL and related
>>>technologies will ultimately be as safe as any that are exposed to the
>>>web today. But we're not there yet, which is why Apple includes the
>>>functionality in its browsers, but leaves it disabled. On desktop it
>>>can be turned on with a developer switch and on iOS it is only
>>>available to iAd developers.
>>> 
>>> We found that when we shipped WebGL 1.0 we should have erred on the
>>>side of expressing greater concern about these issues, rather than
>>>making them an aside. I think the same is true of CSS Shaders.
>> 
>> Point taken. I did not mean that section to diminish the security
>>concerns, but I can see that the sentence that says "Consequently, the
>>main security consideration is a possible denial of service attack"
>>should be worded differently. I'll do that.
>
>I know your intent is to appropriately raise the security concerns. But
>as someone recently bitten in the ass by this, I can tell you that you
>can't emphasize the significance of this issue enough to satisfy all the
>scrutinizers out there!

[vh] Thanks for the heads up and sharing the battle scars to prevent me
from getting the same :-) I will update the wording.

Kind regards,
Vincent.

Received on Wednesday, 5 October 2011 22:31:40 UTC