Implement chrome.management.install

RESOLVED WONTFIX

Status

enhancement
P5
normal
RESOLVED WONTFIX
3 years ago
13 days ago

People

(Reporter: andy+bugzilla, Unassigned)

Tracking

(Blocks 1 bug, {sec-want})

unspecified

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [management] triaged)

Attachments

(3 attachments)

Reporter

Description

3 years ago
So that an add-on can install another add-on, which will support bug 1280233.

This API doesn't exist in Chrome and we might need to think about security here, although non-WebExtension add-ons can already do this.
Reporter

Comment 1

3 years ago
rhelmer made the good point that we might need the install. Testpilot is requesting access to the install flow that AMO has; if that's the case, we can use that API and not worry about having this as an API.

Updated

3 years ago
Priority: -- → P4
Whiteboard: [management] → [management] triaged
Blocks: 1282979
I'm not sure I understand what's being said in comment #1, above. rhelmer, can you elaborate/elucidate?
Flags: needinfo?(rhelmer)
(In reply to Bob Silverberg [:bsilverberg] from comment #2)
> I'm not sure I understand what's being said in comment #1, above. rhelmer,
> can you elaborate/elucidate?

Pretty sure we were talking about exposing the AddonManager install API to testpilot.m.o via WebIDL instead of providing this as an API to add-ons. What the current TestPilot extension does (as I understand it) is just make it so the "on/off" install/uninstall toggles on testpilot.mozilla.org work, which we can do more directly.

I would like to avoid exposing an API like this to extensions if at all possible; it should be something we don't allow without some kind of special permission if we do need it.
Flags: needinfo?(rhelmer)
Based on the above, I think we can close this. Feel free to re-open if a case comes up in which we need this.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WONTFIX

Comment 5

2 years ago
https://addons.mozilla.org/firefox/addon/github-extension-installer/ and https://addons.mozilla.org/firefox/addon/chrome-store-foxified/ need this API. It can be an interface that allows the user to confirm the installation or temporary loading. For security measures, I don't have a good idea.

In addition, if this is evaluated and implemented, I guess bug 1295324 will no longer be an obstacle to allowing extensions to run scripts on privileged AMO pages (replace privileged interface).
Severity: normal → enhancement
Status: RESOLVED → REOPENED
webextensions: --- → ?
Keywords: sec-want
Priority: P4 → --
Resolution: WONTFIX → ---
See Also: → 1369209

Comment 6

2 years ago
Sorry for disturbing, not a real block.
No longer blocks: CVE-2016-9075
Reporter

Comment 7

2 years ago
I would argue neither of those are great examples; the whole sending to AMO, signing as unlisted and so on is messy to say the least.

Since we've now got permission prompts that users must agree to before an install, I'm more inclined to support this API; still not bought on the use case though.
Priority: -- → P5

Updated

11 months ago
Product: Toolkit → WebExtensions
Bulk move of bugs per https://bugzilla.mozilla.org/show_bug.cgi?id=1483958
Component: Untriaged → General

Comment 9

3 months ago

This feature would be really useful, allowing implementation of alternative addon managers supporting features that don't exist in the native FF addon manager.

Are there any plans to implement this feature? What would be the likelihood of merging if somebody submitted a patch for this?

Comment 10

17 days ago

I created a patch for this. It isn't complete yet, but currently it allows management.install() to install a WebExtension provided that the requesting extension has managementExtensions permission.

I plan to implement preventing installation of addons with managementExtensions permission via this API method to avoid a loophole where two extensions could keep installing each other upon the user uninstalling them.

I modified the theme-switcher example for testing this patch manually:
https://github.com/ozars/webextensions-examples/tree/b6d0bd0cee6be54100aa93d9f434b28d60d6a426/addon-installer

I would appreciate it if you could guide me in landing this patch. I'm uploading it to phabricator.

Flags: needinfo?(ddurst)

I think we need to decide whether we allow this at all.

Flags: needinfo?(mconca)

(In reply to Omer Ozarslan from comment #10)
> I created a patch for this. It isn't complete yet, but currently it allows management.install() to install a WebExtension provided that the requesting extension has managementExtensions permission.

Omer, thank you for the patch. Unfortunately, in the two years since this bug was marked P5, extensions have become an increasingly frequent target for malicious actors. Adding the ability to install an extension via another extension increases the attack surface and raises serious security concerns for Firefox users. Per the WebExtensions policy for new API (see Section II), I am going to deny this patch as too great of a security risk at this time.

I apologize for not catching this and closing it before your patch was submitted.

Status: REOPENED → RESOLVED
Last Resolved: 3 years ago → 13 days ago
Flags: needinfo?(mconca)
Flags: needinfo?(ddurst)
Resolution: --- → WONTFIX