From: Eric Hughes
Subject: Re: [Gnash-dev] Building in security
Date: Thu, 26 Apr 2007 13:34:37 -0600
At 12:08 PM 4/26/2007, Rob Savoye wrote:
> Currently the only security in Gnash is a simple whitelist/blacklist of URLs to not load content from. This is more like Adblock, than real security though,
1) Agreed, whitelist/blacklist is insufficient in general, but these lists do support common use cases. Regardless of whatever underlying mechanisms are used, having direct UI access to these lists should be retained. And retained even if these lists do not fully cover all security permissions.
2) Adblock is excellent in practice because, regardless of its specific blocking mechanisms, it has a subscription service for updating local tables. This is invaluable, given that the mechanisms that "really work" presume unavailable infrastructure, such as self-verifying code (which might someday exist) and signed code (which requires PKI, which no one has yet made work widely).
3) A "full" solution, to my eye, will seem to include the moral equivalent of jail(1) for the AS virtual machine, where we jail not just the file system but every external resource that's visible in AS. The idea then is that every script executed is jailed by default unless granted specific permission otherwise.
Eric
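
The default-deny jail from point 3, layered under the URL lists from point 1, sketched as an added example (not part of the original message and not Gnash code). The `ScriptJail` class, the `Resource` enum and the sample origins are hypothetical, and targets are assumed to be canonicalized before the check.

```cpp
#include <map>
#include <string>
#include <vector>

// Hypothetical classes of external resource visible to a script.
enum class Resource { File, Network, SharedObject };

struct Grant { Resource kind; std::string prefix; };

class ScriptJail {
public:
    // The user-editable URL blacklist stays a separate layer and always wins.
    void blacklist(const std::string& urlPrefix) { blacklist_.push_back(urlPrefix); }

    // Permissions are granted per script origin; nothing is implicit.
    void grant(const std::string& origin, Resource kind, const std::string& prefix) {
        grants_[origin].push_back({kind, prefix});
    }

    // Default deny: allowed only when not blacklisted and a grant matches.
    // Assumes `target` is already canonicalized (no "..", normalized host).
    bool allowed(const std::string& origin, Resource kind, const std::string& target) const {
        if (kind == Resource::Network)
            for (const auto& b : blacklist_)
                if (matches(target, b)) return false;
        auto it = grants_.find(origin);
        if (it == grants_.end()) return false;  // unknown script: jailed
        for (const auto& g : it->second)
            if (g.kind == kind && matches(target, g.prefix)) return true;
        return false;
    }

private:
    // Exact match, or prefix match only when the prefix ends at a '/' boundary,
    // so "http://a.example/" does not cover "http://a.example.evil.test/".
    static bool matches(const std::string& target, const std::string& prefix) {
        if (prefix.empty()) return false;
        if (target == prefix) return true;
        return prefix.back() == '/' && target.compare(0, prefix.size(), prefix) == 0;
    }
    std::map<std::string, std::vector<Grant>> grants_;
    std::vector<std::string> blacklist_;
};
```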