[Greasemonkey] greasemonkey for secure data over insecure networks / sites

Godmar Back godmar at gmail.com
Mon Jul 18 15:19:39 EDT 2005


The "CS textbook" way of solving this problem is by associating a code
principal with a GM script, and by making sure that the GM runtime 
only uses the privileges associated with that principal. If GM code is
invoked by the web site trying to exploit GM, the privileges are not
granted; if the GM script itself calls into GM, the privileges are
granted.

The mechanism for doing this in Java ("stack inspection") was invented
at Netscape by Wallach and others in the 90s - this later became, in
somewhat modified form, the Java2 security model. It was always my
understanding that Netscape had something similar for its JavaScript.

A cursory look at Mozilla's page reveals that Mozilla might provide a
similar mechanism with script signing, and associating signed scripts
with code principals to ensure that the privileges are only granted
according to what the signer is entitled to, and only if invoked from
signed code.

Would Mozilla's JavaScript security model be applicable to
greasemonkey in this manner?

 - Godmar

On 7/18/05, Mark Pilgrim <pilgrim at gmail.com> wrote:
> On 7/18/05, Godmar Back <godmar at gmail.com> wrote:
> > Could a malicious web site serve JavaScript that would create
> > connections to domains other than the domain from which it came if the
> > user has a GM script that is triggered for all pages, since the
> > GM_xmlhttprequest function object (or whatever it was called) will
> > then exist in the environment of the page?
> 
> Yes.  http://diveintogreasemonkey.org/experiments/xmlhttprequest-leak.html
> 
> --
> Cheers,
> -Mark
> _______________________________________________
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
> http://mozdev.org/mailman/listinfo/greasemonkey
>
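
An added illustration, not part of the original message and not Greasemonkey or Mozilla code, of the principal-based check described above: a privileged function succeeds only when every caller on the stack belongs to a principal holding the privilege. All names (`PrincipalStack`, `runAs`, `privilegedRequest`) are hypothetical, and the model is simplified: it has no way for trusted code to assert its own privileges on behalf of an untrusted caller.

```javascript
// Added illustration; every name below is hypothetical, not a Greasemonkey API.
const PRIVILEGES = {
  userscript: new Set(["cross-origin-request"]), // the installed GM script
  page: new Set(),                               // code served by the web site
};

class PrincipalStack {
  constructor() { this.frames = []; }
  // Run fn with `principal` recorded as the owner of this call frame.
  runAs(principal, fn) {
    this.frames.push(principal);
    try { return fn(); } finally { this.frames.pop(); }
  }
  // Stack inspection: every frame on the call chain must hold the privilege.
  check(privilege) {
    if (this.frames.length === 0) throw new Error("denied: no principal on stack");
    for (const p of this.frames) {
      if (!(PRIVILEGES[p] && PRIVILEGES[p].has(privilege))) {
        throw new Error(`denied: principal "${p}" lacks ${privilege}`);
      }
    }
  }
}

const stack = new PrincipalStack();

// Stand-in for the privileged request function; performs no network I/O.
function privilegedRequest(url) {
  stack.check("cross-origin-request");
  return `allowed: ${url}`;
}

function attempt(fn) {
  try { return fn(); } catch (e) { return e.message; }
}

function demo() {
  const url = "https://other.example/data"; // constructed sample URL
  return {
    // The user script calls the privileged function itself.
    scriptCall: attempt(() => stack.runAs("userscript", () => privilegedRequest(url))),
    // Page code calls the function object it found in its environment.
    pageCall: attempt(() => stack.runAs("page", () => privilegedRequest(url))),
    // Page code invokes user-script code, which then makes the call.
    pageViaScript: attempt(() => stack.runAs("page", () =>
      stack.runAs("userscript", () => privilegedRequest(url)))),
  };
}
```

Calling `demo()` returns the outcome of the three call paths: only the call made entirely under the user script's principal is allowed.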

