[Greasemonkey] GM is great, but Security questions - yet again
kokogiak at gmail.com
Fri Apr 1 14:38:56 EST 2005
I like the idea of the sidebar and flagged scripts for community
review - probably the best you can honestly do. Some level of end-user
warning to 'use with caution, have it reviewed, do not fold, spindle,
Since there's open thought for ideas, I'll think for a while, ask some
folks I know, see if I can contribute to this at all.
On Apr 1, 2005 2:26 PM, Jeremy Dunck <jdunck at gmail.com> wrote:
> On Apr 1, 2005 1:07 PM, alan taylor <kokogiak at gmail.com> wrote:
> > So what are the options, and are any being actively pursued? Signed
> > scripts, 'blessed' (reviewed) scripts, user-warnings, no action?
> What I'm hoping to do is create a user script directory which would be
> integrated (sidebar or something) with GM. Scripts would be listed in
> the directory as discovered. Users could flag scripts as
> questionable. Trusted folks would reject/approve flagged scripts.
> Installing from outside the directory would be allowed, but discouraged.
> (you can do XSS with IFrame, for example). The only exceptions are
> that 1) it runs automatically, and 2) it's not under the page
> publisher's control.
> The first point is only significant when comparing to bookmarklets,
> which aren't effective as malicious code because the user is quite
> conscious of when the script is running. But any old bookmarklet
> could certainly steal your cookies. An ambitious one could also
> keylog and send data to a 3rd party domain via IFrame. It just
> doesn't run automatically, so your keylogging would only be effective
> when the bookmarklet is invoked, and die on the next page. So it
> might be useful for the user to be able to provide a global exclude
> (don't run on bankofamerica.com). But otherwise, I don't see a big
> deal here.
> I don't really see that the second point makes any real difference.
> That is, I don't see why a script would necessarily be more or less
> trustworthy than a site, because in either case, the user chooses
> where to go or what to install.
> So. The direction is to provide a way measuring trustworthiness, and
> warning uses when they try to install something untrustworthy. Trying
> to totally secure JS without breaking most of the useful features
> would be a hairy, perhaps impossible problem.
> > I'm concerned because A) I think GM is amazingly cool, and has a
> > potential to get a serious level of uptake (at least in certain
> > circles)
> With Opera and IE getting in on this, yes, I certainly hope so.
> >and B) all it takes is one bad apple to bring a sour taste to
> > the whole thing.
> Hmm. Maybe. I don't really see a big difference in the threat model
> (using the term loosely) between this and extensions or (automated)
> bookmarklets, given a trusted source and a community of reviewers).
> I'm working on the directory. Do you have other ideas?
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
More information about the Greasemonkey