Thank you all for your input. I would like to sum up in order to have a better overview of what we are looking for.
- Everybody agrees that we should provide a restriction level to the API.
- The restriction should be on a per web page basis and not on a per port basis, which will be inefficient. This has the disadvantage that any web page granted with permissions will be able to enumerate all local serial ports without notice.
- Spec mentions that user should be able to grant or revoke permissions to any website explicitly. One way to achieve that is to prompt the user when necessary, which is an insufficient security level for the average user. Another way is to configure this option somewhere in the settings, which lacks usability. This remains an open question and more proposals are welcome.
- Another open question is if the privileged web app should have unrestricted access to the API.

I will raise all the above to the security team in order to provide feedback. In any case keep sending your ideas / proposals.

-Alex

On Mon, Jul 14, 2014 at 4:58 PM, <tzi...@gmail.com> wrote:

> Ah, sorry for not being too straightforward Erik.
>
> The answer is no (as far as the API design goes, but the implementation should follow that ofc)
>
> There is actually a very nice image explaining this on our messageboard, but I'm on my phone so I'll do my best to explain this with a similar example.
>
> When you use a Mouse, the OS provides APIs for a mouse, independent of the connection type (ps2, Bluetooth, serial, USB or other). The OS & drivers make it show up as a mouse.
>
> Similarly, when you have a serial port (the OS recognizes this device as a serial port), the OS provides a set of APIs to talk to that (open, close, read & write), regardless of the underlying physical connection.
>
> The WebSerial API proposes the exposure of those APIs (but not the underlying ones, so no way to talk to the USB stack) to the web.
>
> I hope this makes things more clear?
>
> Vasilis
>
> > On 14 Jul 2014, at 16:46, Eric Rescorla <e...@rtfm.com> wrote:
> >
> >> On Mon, Jul 14, 2014 at 4:22 AM, <tzi...@gmail.com> wrote:
> >> On Monday, July 14, 2014 2:00:47 PM UTC+3, Gervase Markham wrote:
> >> > On 13/07/14 18:35, Vasilis wrote:
> >> > > Jonas, I would be really interested in your thoughts. Try as we might (in the WebSerial API docs, at least), no one could actually think of a use case where providing access to a physical (RS232), or Virtual (VirtualUSB or VirtualBluetooth) serial port could be a privacy and/or security issue.
> >> > >
> >> > > It's a whole different beast when you provide access for cameras or any USB device, of course, but what could someone do with access to a serial port?
> >> >
> >> > The WebSerial interface doesn't cover the Universal Serial Bus, then?
> >> >
> >> > For USB, the OS has some underlying knowledge of what the device is, right? So we could do permissions for USB on a per-device rather than per-port basis, which is the right way to do it IMO. But AFAIK that's not possible for RS232.
> >> >
> >> > Gerv
> >>
> >> Which is the kind of exaggerated security for no real purpose that I mentioned.
> >>
> >> The three major OSes give you APIs to access any Serial-Port-like device (physical or virtual) in a straightforward manner, because, for all intents and purposes, those are Serial ports. Trying to go around this and map devices with ports ranges from hard (USB, Bluetooth) to impossible (RS232)
> >
> > I still don't think I understand your answer here. Will this API allow me to directly address USB devices? To take a concrete case, say that I have a USB printer, will I be able to use this API (subject to user consent) to talk to it directly and print documents?
> >
> > -Ekr
> >
> >> I do agree with Kip, some Serial devices are important and/or dangerous, but do we really want to set the security of this based on the idea that someone from a government agency and/or industrial plant will use the power plant's controlling computer to:
> >> 1. Plug in a serial device, like an Arduino
> >> 2. Access the Internet
> >> 3. Go to a nefarious website
> >> 4. Give access to the PLC, and kaboom.
> >>
> >> Isn't that a little too much paranoia? Should we have restricted the Camera API because someone could have used it on a computer with a spycam, thus leaking government info and starting WW3?
>
> _______________________________________________
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform