[webkit-dev] a simple isolatedworlds alternative for uzbl?

Adam Barth abarth at webkit.org
Thu Jan 28 08:01:19 PST 2010


On Thu, Jan 28, 2010 at 12:40 AM, Dieter Plaetinck <dieter at plaetinck.be> wrote:
> On Wed, 27 Jan 2010 23:01:17 -0800
> Adam Barth <abarth at webkit.org> wrote:
>
>> Getting this right with the approach you seem to be taking is
>> extremely difficult.  The problem is not that the local script is
>> untrustworthy.  The problem is that the web page it's interacting with
>> might be able to steal its privileges.
>
> Thank you, but can you describe this a bit more?
> Even if we don't pass around the object or attach it to an object such
> as document or window, we are still vulnerable?  How can the webpage
> "steal privileges"?

For example, the attacker could use some of the techniques described
in this paper:

http://www.adambarth.com/papers/2009/adida-barth-jackson.pdf

>> Isolated worlds should be implemented in webkitgtk+ thanks to some
>> contributors from Apple.  I bet all that's left to do is add an API
>> for accessing the functionality.  The PDF is just being honest when it
>> says "reasonable assurance."  I'd be extremely skeptical of someone
>> who claims more than reasonable assurance for a commercial-grade
>> system.
>
> That's good to know. I'm looking forward to it.  The "reasonable
> assurance" part, does this mean a problem with the design or is this
> more about potential issues with the (early) implementations?

Assurance is a term of art in security.  It refers to how confident we
are the final system meets its security goals.  In this case,
we're talking about the implementation.  Often the way you get better
assurance is by reducing the trusted computing base or by applying
some sort of analysis tools to the system.  In this case, the sense is
indicating that this particular step is part of the trusted computing
base.

Adam