[Greasemonkey] GM is great, but Security questions - yet again

alan taylor kokogiak at gmail.com
Fri Apr 1 14:38:56 EST 2005


I like the idea of the sidebar and flagged scripts for community
review - probably the best you can honestly do. Some level of end-user
warning to 'use with caution, have it reviewed, do not fold, spindle,
mutilate', etc.

Since there's open thought for ideas, I'll think for a while, ask some
folks I know, see if I can contribute to this at all.

-Alan

On Apr 1, 2005 2:26 PM, Jeremy Dunck <jdunck at gmail.com> wrote:
> On Apr 1, 2005 1:07 PM, alan taylor <kokogiak at gmail.com> wrote:
> > So what are the options, and are any being actively pursued? Signed
> > scripts, 'blessed' (reviewed) scripts, user-warnings, no action?
> 
> What I'm hoping to do is create a user script directory which would be
> integrated (sidebar or something) with GM.  Scripts would be listed in
> the directory as discovered.  Users could flag scripts as
> questionable.  Trusted folks would reject/approve flagged scripts.
> 
> Installing from outside the directory would be allowed, but discouraged.
> 
> Note that GM doesn't actually allow anything that javascript doesn't
> (you can do XSS with IFrame, for example).  The only exceptions are
> that 1) it runs automatically, and 2) it's not under the page
> publisher's control.
> 
> The first point is only significant when comparing to bookmarklets,
> which aren't effective as malicious code because the user is quite
> conscious of when the script is running.  But any old bookmarklet
> could certainly steal your cookies.  An ambitious one could also
> keylog and send data to a 3rd party domain via IFrame.  It just
> doesn't run automatically, so your keylogging would only be effective
> when the bookmarklet is invoked, and die on the next page.   So it
> might be useful for the user to be able to provide a global exclude
> (don't run on bankofamerica.com).  But otherwise, I don't see a big
> deal here.
> 
> I don't really see that the second point makes any real difference.
> That is, I don't see why a script would necessarily be more or less
> trustworthy than a site, because in either case, the user chooses
> where to go or what to install.
> 
> So.  The direction is to provide a way of measuring trustworthiness, and
> warning users when they try to install something untrustworthy.  Trying
> to totally secure JS without breaking most of the useful features
> would be a hairy, perhaps impossible problem.
> 
> > I'm concerned because A) I think GM is amazingly cool, and has a
> > potential to get a serious level of uptake (at least in certain
> > circles)
> 
> With Opera and IE getting in on this, yes, I certainly hope so.
> 
> > and B) all it takes is one bad apple to bring a sour taste to
> > the whole thing.
> 
> Hmm.  Maybe.  I don't really see a big difference in the threat model
> (using the term loosely) between this and extensions or (automated)
> bookmarklets, given a trusted source and a community of reviewers.
> I'm working on the directory.  Do you have other ideas?
> _______________________________________________
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
> http://mozdev.org/mailman/listinfo/greasemonkey
>
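
The global exclude suggested in the quoted message ("don't run on bankofamerica.com"), sketched as an added example; this is not Greasemonkey's code. The function names, the sample exclude list and the "*"-only glob handling are assumptions made for illustration.

```javascript
// Added example: hypothetical helper names, not Greasemonkey's own code.
// Global exclude list: hosts on which no user script may run (constructed sample).
const GLOBAL_EXCLUDE = ["bankofamerica.com"];

// Normalize a hostname for comparison: lowercase, drop a trailing root dot.
function normalizeHost(host) {
  return host.toLowerCase().replace(/\.$/, "");
}

// True if host equals an excluded domain or is a subdomain of it.
// The match is on a label boundary, so "www.bankofamerica.com" is excluded
// while the unrelated host "notbankofamerica.com" is not.
function hostIsExcluded(host, excludeList) {
  const h = normalizeHost(host);
  return excludeList.some((d) => {
    const dom = normalizeHost(d);
    return h === dom || h.endsWith("." + dom);
  });
}

// Convert an @include-style glob ("*" is the only wildcard) to an anchored RegExp.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp("^" + escaped + "$");
}

// Decide whether a script may run on pageUrl. The global exclude is checked
// first and wins over any per-script include, including a bare "*".
function shouldRunScript(pageUrl, scriptIncludes, excludeList = GLOBAL_EXCLUDE) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch (e) {
    return false; // unparseable URL: fail closed, run nothing
  }
  if (hostIsExcluded(url.hostname, excludeList)) return false;
  return scriptIncludes.some((g) => globToRegExp(g).test(url.href));
}
```

Checking the exclude before any per-script include means a script installed with a catch-all include still cannot run on a listed host.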