[webkit-dev] Proposed feature: Network Service Discovery
Maciej Stachowiak
mjs at apple.com
Sun Sep 8 11:32:12 PDT 2013
I also don't think it should be added to WebKit.
In addition to other reasons stated, the spec has obvious severe security risks which are not adequately addressed by a permissions dialog.
Section 7 of the spec allows a webpage to bypass the same-origin security model to communicate with "discovered" services via HTTP. Discovery is via ZeroConf, UPnP or DIAL. Consider that this will include things like printers, routers, intranet servers, and other devices where access to the http interface is potentially very dangerous.
The spec is supposedly designed for "media servers", but nothing limits it to that.
In addition to the obviously dangerous cases (reconfiguring your home router), most devices intended for use on a home network or firewalled intranet have many security vulnerabilities and could be exploited by throwing untrusted data at them.
Regards,
Maciej
On Sep 6, 2013, at 2:21 PM, Benjamin Poulain <benjamin at webkit.org> wrote:
> +1
>
> After the concerns raised, I am not convinced the feature fits into the engine.
> I am also not convinced this needs WebKit support to be implemented.
>
> Benjamin
>
>
> On 9/6/13 10:39 AM, Anders Carlsson wrote:
>> I agree.
>>
>> This also seems like it’s something that could be implemented by a client application using our JS object extension hooks without touching WebKit at all.
>>
>> - Anders
>>
>> On Sep 6, 2013, at 10:30 AM, Simon Fraser <simon.fraser at apple.com> wrote:
>>
>>> Perhaps before we spend any more time discussing the security implications of Network Service Discovery, we should decide whether it fits with the goals of the WebKit project:
>>>
>>> https://www.webkit.org/projects/goals.html
>>>
>>> It’s not at all clear to me that it does.
>>>
>>> Simon
>>>
>>> On Sep 6, 2013, at 9:59 AM, Oliver Hunt <oliver at apple.com> wrote:
>>>
>>>>
>>>> On Sep 6, 2013, at 9:44 AM, youenn fablet <youennf at gmail.com> wrote:
>>>>
>>>>> Hi Ryosuke,
>>>>>
>>>>> The two points you are mentioning make sense to me.
>>>>>
>>>>> For starters, most of users wouldn't even know what a local network is; let alone what discovering media sources, etc... mean.
>>>>>
>>>>> Most users may not be able to understand what means “discover local network DACP servers”.
>>>>> But if a user is requested to grant/deny access to “Bob music library” service (the service being a DACP server), the situation seems getting better.
>>>>> The spec is a work in progress and may be improved.
>>>>
>>>> For the sake of argument let's say this "discovery" is allowed to occur. How do you talk to "Bob music library" without the web page sending raw data to/from the DACP server?
>>>>
>>>> --Oliver
>>>> _______________________________________________
>>>> webkit-dev mailing list
>>>> webkit-dev at lists.webkit.org
>>>> https://lists.webkit.org/mailman/listinfo/webkit-dev
>>>
>>> _______________________________________________
>>> webkit-dev mailing list
>>> webkit-dev at lists.webkit.org
>>> https://lists.webkit.org/mailman/listinfo/webkit-dev
>>
>
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20130908/422a50bd/attachment.html>
More information about the webkit-dev
mailing list