Re: [Gnash-dev] Building in security

From: Rob Savoye
Subject: Re: [Gnash-dev] Building in security
Date: Thu, 26 Apr 2007 12:08:51 -0600
User-agent: Thunderbird (X11/20070326)

Eric Hughes wrote:

> When I read this, I immediately translated that last sentence to myself
> as "like a cookie but worse".  To get some idea about what we'll need
> eventually, just look at the Privacy and Security configurations in
> Firefox.  Gnash, when mature, will have the same essential complexity.

  It's worse than even that. You can literally upload SharedObjs to the
server where they get shared between multiple clients. This is used to
support video conferencing and chats. Even the low level RTMP protocol
uses AMF objects shared between the client and the server.

  Just out of curiosity, have you seen the spec for Bitfrost, the
security plan for the OLPC? They have a bit of the same problem space
as we do.

> I volunteer.  Unfortunately, this isn't a "fix" but rather a significant
> piece of internal infrastructure.  While I do believe in building in

  Yes, good security is a huge project that affects many other little
design decisions.

> We'll have to extend if only to get better security configurability.

  Correct, but this shouldn't interfere with people's web browsing,
since the usual Flash stuff also works. But when you use Gnash there
should be better security, especially where we have greater risk than
before with things like extensions that can access the file system.

> interest in that.  So to start, I would ask that folks contribute to
> creating a documented consensus on what the security problem actually
> is.  I've set up a page on the wiki to act as a repository for this work.

  Since we had to lock the wiki after spammers actually registered
themselves, we're probably stuck using this list, and then migrating
things to the wiki that are worth saving. It is a good idea to get this
discussion started.

  Currently the only security in Gnash is a simple whitelist/blacklist
of URLs to not load content from. This is more like Adblock than real
security though, but at least it does prevent Flash movies from loading
content over the network that you don't want. And many Flash movies load
external files all the time.

  I'd think the kinds of things we want to prevent range from simple
things like not allowing access via the FileIO extension except to
specified files or subdirectories, to more complex stuff like preventing
injection of bogus packets into a network stream.

  The security model also has to extend to the server side, which will
allow uploading files and shared objects in a secure manner.

        - rob -
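
One way to express the FileIO restriction mentioned in the message above (access only to specified files or subdirectories), as an added example that is not part of the original message and is not Gnash code. The class and function names are hypothetical, and it assumes C++17 std::filesystem on a POSIX system.

```cpp
#include <algorithm>
#include <filesystem>
#include <system_error>
#include <vector>

namespace fs = std::filesystem;

// Hypothetical policy class (not Gnash code): allow file access only under listed roots.
class FileAccessPolicy {
public:
    explicit FileAccessPolicy(const std::vector<fs::path>& roots) {
        for (const auto& r : roots) {
            std::error_code ec;
            fs::path c = fs::canonical(r, ec);   // resolve symlinks in the root itself
            if (!ec) roots_.push_back(c);        // a missing root grants nothing
        }
    }

    // True only if `requested`, after resolving ".." and symlinks, lies under a root.
    bool allows(const fs::path& requested) const {
        std::error_code ec;
        // weakly_canonical resolves the existing prefix and normalizes the rest,
        // so a file that does not exist yet can still be checked before creation.
        fs::path resolved = fs::weakly_canonical(requested, ec);
        if (ec || !resolved.is_absolute()) return false;   // fail closed
        return std::any_of(roots_.begin(), roots_.end(),
                           [&](const fs::path& root) { return isWithin(root, resolved); });
    }

private:
    // Compare path components, not characters: "/x/data" must not match "/x/database".
    static bool isWithin(const fs::path& root, const fs::path& p) {
        return std::mismatch(root.begin(), root.end(), p.begin(), p.end()).first == root.end();
    }
    std::vector<fs::path> roots_;
};

// Constructed sample tree under the system temp directory; one result per probe.
std::vector<bool> demo() {
    fs::path base = fs::temp_directory_path() / "fileio_policy_demo";
    fs::remove_all(base);
    fs::create_directories(base / "data");
    fs::create_directories(base / "database");
    fs::create_directory_symlink(base / "database", base / "data" / "link");
    FileAccessPolicy policy(std::vector<fs::path>{base / "data"});
    return {policy.allows(base / "data" / "save.sol"),               // inside the root
            policy.allows(base / "data" / ".." / "database" / "x"),  // ".." traversal
            policy.allows(base / "database" / "x"),                  // sibling sharing a prefix
            policy.allows(base / "data" / "link" / "x")};            // symlink out of the root
}
```

The check and the later open are separate steps, so the result only holds if the directory tree is not modified in between.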