On 2014-07-14, 7:22 AM, tzi...@gmail.com wrote:
On Monday, July 14, 2014 2:00:47 PM UTC+3, Gervase Markham wrote:
On 13/07/14 18:35, Vasilis wrote:

Jonas, I would be really interested in your thoughts. Try as we might (in the WebSerial API docs, at least), no one could actually think of a use case where providing access to a physical (RS232) or virtual (VirtualUSB or VirtualBluetooth) serial port could be a privacy and/or security issue.

It's a whole different beast when you provide access for cameras or any USB device, of course, but what could someone do with access to a serial port?

The WebSerial interface doesn't cover the Universal Serial Bus, then?

For USB, the OS has some underlying knowledge of what the device is, right? So we could do permissions for USB on a per-device rather than per-port basis, which is the right way to do it IMO. But AFAIK that's not possible for RS232.

Gerv

Which is the kind of exaggerated security for no real purpose that I mentioned.

The three major OSes give you APIs to access any Serial-Port-like device 
(physical or virtual) in a straightforward manner, because, for all intents and 
purposes, those are Serial ports. Trying to go around this and map devices with 
ports ranges from hard (USB, Bluetooth) to impossible (RS232).

I do agree with Kip, some Serial devices are important and/or dangerous, but do 
we really want to set the security of this based on the idea that someone from 
a government agency and/or industrial plant will use the power plant's 
controlling computer to:
1. Plug in a serial device, like an Arduino
2. Access the Internet
3. Go to a nefarious website
4. Give access to the PLC, and kaboom.

Isn't that a little too much paranoia? Should we have restricted the Camera API 
because someone could have used it on a computer with a spycam, thus leaking 
government info and starting WW3?

I'm going to ignore the caricature version of the threat model that you put forward here, but yes, this is a real threat and one which we should protect against. The difference between native OSes and the Web here is noteworthy: web pages run their code in a sandbox which currently doesn't get any interesting permissions, and this is the property which enables you to go to any website without the fear of the website installing malware on your machine, etc. But native platforms provide no such guarantee, so granting access to hardware like this may be OK for native platforms, but not necessarily for the Web.

The other issue is that prompting the user for a security decision is really tricky because we would be relying on the user to understand the details of the threat to be able to make a good decision. In most cases we prefer to prompt for privacy decisions, not security decisions, because usually the former is much easier for the user to decide.

Cheers,
Ehsan
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform