Closed
Bug 53511
Opened 24 years ago
Closed 24 years ago
Execution of untrusted binary code using XPInstall
Categories
(Core Graveyard :: Installer: XPInstall Engine, defect, P1)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: tobias.trelle, Assigned: dbragg)
References
()
Details
(Whiteboard: [nsbeta3+][PDTP1])
Attachments
(1 file)
2.04 KB,
text/plain
With the current XPI implementation it is possible to execute untrusted binaries that could perform potentially harmful tasks, such as formatting your hard disk or sending sensitive information over the network. I prepared an XPI archive to demonstrate this security hole. This XPI archive runs a Win32 binary that simply shows a message box but could do anything that is possible with the Win32 API. This bug is not based on some tricky coding. It seems to be a bug in the software design of XPI, so I assume it is not limited to the Win32 platform. The bug occurs with M17, NNPR1, NNPR2. I tested it with Win NT4, Win2000.
Comment 1•24 years ago
Seeing this with 2000091908 on NT4. Shortly after one clicks the "XPI archive" link and says "Ok" to "The following packages will be installed," the message box appears as illustrated. Classic workaround is of course "don't do that, then."
Reporter
Comment 2•24 years ago
Still, XPI is much more insecure than the current SmartUpdate procedure. To do the same with SmartUpdate I have to digitally sign the archive with e.g. a VeriSign code signing certificate. Please don't get me wrong: I like XPI very much the way it works now because I won't have to buy a commercial code signing cert at $400 per year as I have to do with NN4. But think of the ongoing anti-JavaScript and anti-everything-scriptable paranoia. The current XPI implementation will make it even worse.
Comment 3•24 years ago
Installing software is inherently unsafe. Signing didn't change that; it simply meant that the potentially unsafe action had not been tampered with since it was signed with a particular company's cert. There were no guarantees the software was virus-free or non-malicious, simply that you would know who to blame if it was (assuming the company's certificate hadn't been stolen). The real problem here is that the XPInstall confirmation dialog does not make this risk clear to users. It should contain text similar to the 4.x download screen for "untrusted" helper apps: "Software that contains malicious programming instructions could damage or otherwise compromise the contents of your computer. You should only install files from sites that you trust." This is a localization change, and "p1" only in a legal sense -- seeking permission from PDT and localization to do this.
Comment 4•24 years ago
Sounds good to me if Montse agrees
Comment 5•24 years ago
The wording is fine.
Zee bug she is feexed. Added text mostly as presented in the bug. It now reads: "A web site is requesting permission to install software on your machine." "Software that contains malicious programming instructions could damage or otherwise compromise the contents of your computer. You should only install software from sites that you trust." Changed the "Packages to install" to "Would you like to install the following packages?" so it fits more with the OK/Cancel button.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Comment 10•24 years ago
Build: 2000-09-22-08-M18(WIN), 2000-09-22-08-M18(MAC), 2000-09-22-08-M18(LINUX) Looks really nice. Scrolling looks good. Resizing column headers looks clean.
Status: RESOLVED → VERIFIED
Updated•9 years ago
Product: Core → Core Graveyard