[Greasemonkey] greasemonkey for secure data over insecure networks / sites

Nikolas Coukouma lists at atrus.org
Mon Jul 18 16:07:59 EDT 2005


Godmar Back wrote:

>The "CS textbook" way of solving this problem is by associated a code
>principal with a GM script, and by making sure that the GM runtime 
>only uses the privileges associated with that principal. If GM code is
>invoked by the web site trying to exploit GM, the privileges are not
>granted; if the GM script itself calls into GM, the privileges are
>granted.
>
>The mechanism for doing this in Java ("stack inspection") was invented
>at Netscape by Wallach and others in the 90s - this became later in
>somewhat modified form the Java2 security model. It was always my
>understanding that Netscape had something similar for its JavaScript.
>
>A cursory look at Mozilla's page reveals that Mozilla might provide a
>similar mechanism with script signing, and associating signed scripts
>with code principals to ensure that the privileges are only granted
>according to what the signer is entitled to, and only if invoked from
>signed code.
>
>Would Mozilla's Javascript security model be applicable to
>greasemonkey in this manner?
>
> - Godmar
>
Hrm, this might be more usable than I first thought. The obvious thing
to do is have script authors sign their own scripts. That's a bit icky
because we want to make user scripts easy to write. However, if GM
generated a key and signed each injected script itself, we wouldn't
bother the script author.

A quick search returned this link
http://www.mozilla.org/projects/security/components/signed-scripts.html

-Nikolas Coukouma


More information about the Greasemonkey mailing list