[Greasemonkey] Alternative script injection technique proof of
gm at plsek.id.au
Tue Jul 19 23:42:31 EDT 2005
John Plsek wrote:
> or, there can be a fifth option ...
> adding a "flag" metadata with one of 3 options.
> 1) neutered (the default if no flag specified)
> 2) standard - as they are run now, ie, potentially exploitable, but
> fully functional
> 3) trusted - run with the elevated privileges
Well, I must say I'm surprised there was no comment to this; everything
else I've posted about this security problem seems to have been shot
down in flames.
Well, I've gone ahead and tried it out. Changed gm to inject in one of
three ways on a per script basis. I've gone through the two dozen or so
scripts I have installed:
if they didn't use any GM_ commands, I flagged them as neutered,
if they did, I either deleted them or flagged them as trusted. Actually,
I only deleted one, but I didn't really use it anyway!!
The trusted ones run (maybe ill-advisedly) with "raised privileges", as
this was the consequence of at least two of the alternate techniques
proposed. However, as the "extra" privilege is only a risk if it is
used, I can't really see the problem.
I even went to the extent of modifying manage.xul to make changing the
flags a breeze.
Odd thing is ... I think GreaseMonkey leaks less (if any) memory now ...
but maybe that's an 0.4 thing!
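The per-script policy described in the post, as an added example that is not Greasemonkey's code and not John Plsek's patch: parse the ==UserScript== header for a flag, detect which GM_ functions a script body references, and pick one of the three injection modes. The header key name "@flag" and the rule that a neutered script referencing GM_ functions is refused (rather than injected with those calls undefined) are assumptions; the post only says a "flag" metadata entry with three values, defaulting to neutered.

```javascript
'use strict';

// Added example, not Greasemonkey's own code. Assumption: the flag is
// written as "// @flag <value>" inside the ==UserScript== header.
const MODES = Object.freeze({
  NEUTERED: 'neutered', // no GM_ API exposed, plain page-level injection
  STANDARD: 'standard', // GM_ API exposed the way 0.3-era scripts ran
  TRUSTED: 'trusted',   // GM_ API exposed, script run with raised privileges
});

const HEADER_RE = /\/\/\s*==UserScript==([\s\S]*?)\/\/\s*==\/UserScript==/;

// Parse the ==UserScript== header into a map of key -> [values].
function parseMetadata(source) {
  const meta = {};
  const m = source.match(HEADER_RE);
  if (!m) return meta;
  for (const line of m[1].split('\n')) {
    const kv = line.match(/^\s*\/\/\s*@(\S+)\s*(.*)$/);
    if (!kv) continue;
    if (!meta[kv[1]]) meta[kv[1]] = [];
    meta[kv[1]].push(kv[2].trim());
  }
  return meta;
}

// Distinct GM_* identifiers referenced in the script body. The header is
// stripped first so metadata lines are never mistaken for API use.
// Assumption: the GM_ prefix alone identifies the privileged API surface.
function gmCallsUsed(source) {
  const body = source.replace(HEADER_RE, '');
  const found = new Set();
  for (const m of body.matchAll(/\bGM_[A-Za-z0-9_]+/g)) found.add(m[0]);
  return [...found].sort();
}

// The sweep the post describes over installed scripts: no GM_ calls ->
// neutered, otherwise trusted (the post's author deleted or trusted those).
function suggestFlag(source) {
  return gmCallsUsed(source).length === 0 ? MODES.NEUTERED : MODES.TRUSTED;
}

// Decide how to inject. Unflagged scripts default to neutered, as in the
// post. A neutered script that references GM_ functions is refused
// (mode: null) instead of being injected with those calls undefined.
function selectInjectionMode(source) {
  const meta = parseMetadata(source);
  const flag = ((meta.flag && meta.flag[0]) || MODES.NEUTERED).toLowerCase();
  if (!Object.values(MODES).includes(flag)) {
    throw new Error('unknown @flag value: ' + flag);
  }
  const gmCalls = gmCallsUsed(source);
  if (flag === MODES.NEUTERED && gmCalls.length > 0) {
    return { mode: null, gmCalls, reason: 'neutered script uses ' + gmCalls.join(', ') };
  }
  return { mode: flag, gmCalls, reason: null };
}

// Constructed sample scripts, not real user scripts from the list.
const SAMPLES = {
  unflaggedNoGm: [
    '// ==UserScript==',
    '// @name Title tweak',
    '// ==/UserScript==',
    "document.title = '[gm] ' + document.title;",
  ].join('\n'),
  trustedWithGm: [
    '// ==UserScript==',
    '// @name Remember things',
    '// @flag trusted',
    '// ==/UserScript==',
    "GM_setValue('seen', 1); GM_xmlhttpRequest({ url: 'http://example.com/' });",
  ].join('\n'),
  neuteredButUsesGm: [
    '// ==UserScript==',
    '// @name Misflagged',
    '// @flag neutered',
    '// ==/UserScript==',
    "GM_log('this would be undefined');",
  ].join('\n'),
};

if (typeof require !== 'undefined' && require.main === module) {
  for (const [name, src] of Object.entries(SAMPLES)) {
    console.log(name, selectInjectionMode(src), 'suggested:', suggestFlag(src));
  }
}
```

The refusal branch is the check a practitioner wants: with neutered as the default, any older script that silently depends on GM_ functions would otherwise install and then fail at its first GM_ call, and the manage.xul flag toggle the post mentions is where such a result would be surfaced.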