Permissions management for extensions

Discussions about the development and maturation of the Unified XUL Platform (UXP).
Warning: may contain highly-technical topics.

Moderators: trava90, satrow

Post Reply
User avatar
Andrew Herbert
Apollo supporter
Apollo supporter
Posts: 49
Joined: 2019-11-25, 21:46

Permissions management for extensions

Post by Andrew Herbert » 2020-02-08, 21:32

We already have permissions management for websites, why not have it for extensions too?

User avatar
New Tobin Paradigm
Off-Topic Sheriff
Off-Topic Sheriff
Posts: 6649
Joined: 2012-10-09, 19:37
Location: Sector 001

Re: Permissions management for extensions

Post by New Tobin Paradigm » 2020-02-08, 21:58

Because no, that's why. Also, you posted in the wrong category. This should be under UXP development cause such non-sense would affect us all.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 25678
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Permissions management for extensions

Post by Moonchild » 2020-02-08, 22:04

Topic moved.
"There will be times when the position you advocate, no matter how well framed and supported, will not be accepted by the public simply because you are who you are." -- Merrill Rose
Image

User avatar
moonbat
Board Warrior
Board Warrior
Posts: 1072
Joined: 2015-12-09, 15:45
Location: Australia

Re: Permissions management for extensions

Post by moonbat » 2020-02-09, 06:10

If you're going by WebExtensions having a permissions model, note that it has done zilch to stop the spread of counterfeit extensions that steal your data. If user permissions worked as intended, Android should be free of malware. Now Webextensions have resulted in the same problem on AMO as with Google's Play Store - tons of shitty extensions that are copied from popular ones, or that demand different permissions and spy on your usage.
The same goes for forced extension signing - it caused a huge problem last year when the signing certificate expired, and has done nothing to fix security. Nothing beats human review of submitted extensions for problems, and earlier Mozilla used to do that when they supported XUL.
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

Linux Mint 19.3 Xfce x64 on HP i5 laptop with 4 GB RAM, always latest versions of PM & Basilisk unless specified.

User avatar
Andrew Herbert
Apollo supporter
Apollo supporter
Posts: 49
Joined: 2019-11-25, 21:46

Re: Permissions management for extensions

Post by Andrew Herbert » 2020-02-13, 16:21

moonbat wrote:
2020-02-09, 06:10
If you're going by WebExtensions having a permissions model, note that it has done zilch to stop the spread of counterfeit extensions that steal your data. If user permissions worked as intended, Android should be free of malware. Now Webextensions have resulted in the same problem on AMO as with Google's Play Store - tons of shitty extensions that are copied from popular ones, or that demand different permissions and spy on your usage.
The same goes for forced extension signing - it caused a huge problem last year when the signing certificate expired, and has done nothing to fix security. Nothing beats human review of submitted extensions for problems, and earlier Mozilla used to do that when they supported XUL.
But it doesn't mean that permissions model is useless, and it can also help with privacy concerns.

Moreover, extension signing isn't comparable, since it takes away choice from the users due to its centralized nature.

User avatar
Lootyhoof
Themeist
Themeist
Posts: 1357
Joined: 2012-02-09, 23:35
Location: United Kingdom

Re: Permissions management for extensions

Post by Lootyhoof » 2020-02-13, 16:29

You can't have both full XUL extensions AND a fleshed out permissions model. The extensions can hook anywhere into the platform, that's the entire point of them.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 25678
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Permissions management for extensions

Post by Moonchild » 2020-02-13, 17:07

One other thing:
The WebExtensions permissions model is just offloading the task of vetting to the end user. And (legally speaking) nobody but the end user can be blamed if it's malware.

XUL extensions are as powerful as they are EXACTLY BECAUSE they are as native in their code permissions as the browser code itself is.
"There will be times when the position you advocate, no matter how well framed and supported, will not be accepted by the public simply because you are who you are." -- Merrill Rose
Image

User avatar
moonbat
Board Warrior
Board Warrior
Posts: 1072
Joined: 2015-12-09, 15:45
Location: Australia

Re: Permissions management for extensions

Post by moonbat » 2020-02-14, 00:19

And for all the bullshit about XUL being insecure compared to WebExtension, the opposite has been shown to be true, there never was a rash of XUL extension malware as there is now - thanks to their making extensions compatible with Chrome so now there's cross browser malware easily ported from there. The permissions and forced extension signing did nothing to stop the spread of malware and copycat or counterfeit extensions on AMO - there is no substitute to having humans examine and vet submitted extensions.
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

Linux Mint 19.3 Xfce x64 on HP i5 laptop with 4 GB RAM, always latest versions of PM & Basilisk unless specified.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 25678
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Permissions management for extensions

Post by Moonchild » 2020-02-14, 00:33

moonbat wrote:
2020-02-14, 00:19
The permissions and forced extension signing did nothing to stop the spread of malware and copycat or counterfeit extensions
Of course it didn't. Why would anyone think it did?

Extension signing by an automated process and enforcing it in the browser does one thing and one thing only: vendor lock-in to the distribution platform. It's exactly the same reason why we have never agreed to use F-Droid for the Pale Moon for Android version when that was a thing. It's marketed as a "security" feature based on the approach that people now can't be tricked into downloading and installing extensions from potentially malicious sources. But the problem is that the extensions are easily distributed through the locked-in platform too, AND it allows the distribution platform to restrict (read: censor) which extensions are "allowed" based on arbitrary reasons, as well as being incompatible with licensing that protects the rights of developers/authors.

The permissions system did nothing because if people are installing extensions that need specific permissions, they are of course going to grant them. Even in the case of an extension with initially harmless permissions: Provide a malware update requesting additional permissions and what will the average user do? Grant them of course, because they want the extension to work and continue working.
And that's just talking within the bounds of the permission system, not even touching on bypassing it completely.
"There will be times when the position you advocate, no matter how well framed and supported, will not be accepted by the public simply because you are who you are." -- Merrill Rose
Image

User avatar
moonbat
Board Warrior
Board Warrior
Posts: 1072
Joined: 2015-12-09, 15:45
Location: Australia

Re: Permissions management for extensions

Post by moonbat » 2020-02-14, 00:36

Moonchild wrote:
2020-02-14, 00:33
Of course it didn't. Why would anyone think it did?
I've seen this touted as a feature that makes it superior to Pale Moon :roll:
No reply when reminded of the number of malware WebExtensions that somehow never were a problem under 'dangerous' and 'insecure' XUL/XPCOM.
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

Linux Mint 19.3 Xfce x64 on HP i5 laptop with 4 GB RAM, always latest versions of PM & Basilisk unless specified.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 25678
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Permissions management for extensions

Post by Moonchild » 2020-02-14, 00:37

moonbat wrote:
2020-02-14, 00:36
I've seen this touted as a feature that makes it superior to Pale Moon :roll:
See my previous replies.
I guess it falls in the same category of "not knowing what you're talking about" as the whole "Pale Moon is insecure because they removed the (sic: unused) sandbox code"
"There will be times when the position you advocate, no matter how well framed and supported, will not be accepted by the public simply because you are who you are." -- Merrill Rose
Image

User avatar
moonbat
Board Warrior
Board Warrior
Posts: 1072
Joined: 2015-12-09, 15:45
Location: Australia

Re: Permissions management for extensions

Post by moonbat » 2020-02-14, 00:42

Moonchild wrote:
2020-02-14, 00:37
I guess it falls in the same category of "not knowing what you're talking about" as the whole "Pale Moon is insecure because they removed the (sic: unused) sandbox code"
If I had a penny for every time that 'insecure' bit has been pushed around. No one for some reason can point to a security bug that was fixed in Firefox but remains a problem here.
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

Linux Mint 19.3 Xfce x64 on HP i5 laptop with 4 GB RAM, always latest versions of PM & Basilisk unless specified.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 25678
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Permissions management for extensions

Post by Moonchild » 2020-02-14, 01:22

moonbat wrote:
2020-02-14, 00:42
No one for some reason can point to a security bug that was fixed in Firefox but remains a problem here.
Maybe that reason is that Pale Moon keeps up with all sec issues that are applicable? Just a suggestion. 8-)
"There will be times when the position you advocate, no matter how well framed and supported, will not be accepted by the public simply because you are who you are." -- Merrill Rose
Image

User avatar
moonbat
Board Warrior
Board Warrior
Posts: 1072
Joined: 2015-12-09, 15:45
Location: Australia

Re: Permissions management for extensions

Post by moonbat » 2020-02-14, 04:35

The usual response from them is again *crickets*. Won't stop the FUD from being spread though.
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

Linux Mint 19.3 Xfce x64 on HP i5 laptop with 4 GB RAM, always latest versions of PM & Basilisk unless specified.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 25678
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Permissions management for extensions

Post by Moonchild » 2020-02-14, 08:15

Off-topic:
moonbat wrote:
2020-02-14, 04:35
The usual response from them is again *crickets*. Won't stop the FUD from being spread though.
Yeah unfortunately there are no consequences for these people spreading FUD. It's completely unfair. People can spread FUD, causing bad PR (severity of which depending on the popularity of the channel used, not the reputation or authenticity of the FUDer) for those they target, which has consequences, but at the same time they go completely free without repercussions. What's worse is that if you actually try to correct this situation with statements of truth (which takes considerable effort and distracts from things of importance) you are often painted in a negative light for doing so as well... Still trying to figure that one out.

I can truly, honestly say I'm sick and tired of that situation.
"There will be times when the position you advocate, no matter how well framed and supported, will not be accepted by the public simply because you are who you are." -- Merrill Rose
Image

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 25678
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Permissions management for extensions

Post by Moonchild » 2020-02-14, 09:09

To give an example of WebExtension permissions causing security issues, see CVE-2020-6797: Extensions granted downloads.open permission could open arbitrary applications on Mac OSX
So anyone trusting the WebExtension permissions system being a safe way to restrict what WEs can do is regularly letting a wolf in along with the sheep.
"There will be times when the position you advocate, no matter how well framed and supported, will not be accepted by the public simply because you are who you are." -- Merrill Rose
Image

User avatar
moonbat
Board Warrior
Board Warrior
Posts: 1072
Joined: 2015-12-09, 15:45
Location: Australia

Re: Permissions management for extensions

Post by moonbat » 2020-02-14, 10:49

I think the open web is lost :(

Google has destroyed the concept of software versioning, with everyone copying them, including Microsoft with Windows 10, and now the HTML standard itself - I don't see any way for it to get out of their clutches.

Edit - Was getting maudlin - just thinking of how with all this lipstick on pig that Mozilla's done, they're still seen as champions of privacy.
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

Linux Mint 19.3 Xfce x64 on HP i5 laptop with 4 GB RAM, always latest versions of PM & Basilisk unless specified.

Post Reply