[webkit-dev] a simple isolatedworlds alternative for uzbl?

Adam Barth abarth at webkit.org
Wed Jan 27 23:01:17 PST 2010


Getting this right with the approach you seem to be taking is
extremely difficult.  The problem is not that the local script is
untrustworthy.  The problem is that the web page it's interacting with
might be able to steal its privileges.

Isolated worlds should be implemented in webkitgtk+ thanks to some
contributors from Apple.  I bet all that's left to do is add an API
for accessing the functionality.  The PDF is just being honest when it
says "reasonable assurance."  I'd be extremely skeptical of someone
who claims more than reasonable assurance for a commercial-grade
system.

Adam


On Wed, Jan 27, 2010 at 12:49 PM, Dieter Plaetinck <dieter at plaetinck.be> wrote:
> Hi guys,
> as a continuation of my earlier topic:
> https://lists.webkit.org/pipermail/webkit-dev/2010-January/011122.html
>
> We've read more about isolatedworlds (
> http://www.adambarth.com/papers/2010/barth-felt-saxena-boodman.pdf et
> al)
>
> but given:
> 1) it's not implemented yet in webkitgtk+
> 2) it looks kinda complex
> 3) it doesn't give the impression it's waterproof (for example: "to
> select the correct world with reasonable assurance (...)" on page 10
> of the pdf)
> 4) we treat local code as trusted. after all we're talking about small
> scripts the user explicitly enables, not untrustworthy addons. we
> assume local scripts are written and treated with the same care as the
> source code of the browser itself.
>
> we are investigating other directions to solve our issue.
>
> one such approach can be seen at:
> http://github.com/sloonz/uzbl/commit/662d7a1d88b5319877296348e83aa1db2cfc5a62
>
> the idea is that we would only call our special (privileged) object by
> 'this.Uzbl' and using a different 'this' for the local scripts and the
> remote ones.
> If we make sure we never pass around the instance of this.Uzbl as
> arguments or put it in another object, we *think* we are good.
>
> more info:
> http://lists.uzbl.org/pipermail/uzbl-dev-uzbl.org/2010-January/000619.html
> http://lists.uzbl.org/pipermail/uzbl-dev-uzbl.org/2010-January/000683.html
>
> is this a good idea? is it safe? will it stay safe?
>
> thanks!
> Dieter

