GNOME Bugzilla – Bug 665452
Very nice idea, but are there going to be safeguards in place soon?
Last modified: 2011-12-04 19:39:54 UTC
I really like this idea, but it raises an interesting question---As the web page can interact with my operating system & install things without a root password---what safeguards are being contemplated? How is the site signed? This "seems" (very loosely) to work kind of like a Ubuntu PPA--but without adding anything to a sources.list... Last thought is what kind of checking is being done on the extensions available?
(In reply to comment #0)
> I really like this idea, but it raises an interesting question---As the web page
> can interact with my operating system & install things without a root
> password---what safeguards are being contemplated? How is the site signed?

The actual interaction between the web site and the system is done as a browser plugin. The browser plugin is especially careful to make sure that nobody but extensions.gnome.org can activate it -- it shuts itself off at the earliest opportunity if the domain of the site is not that.
Some of the safeguards in place here:

- The plugin can only be used from https://extensions.gnome.org and no other site (https is required - we don't allow http)
- The plugin doesn't download plugins, it communicates over D-Bus with GNOME Shell to install plugins. What is sent to GNOME Shell is just the ID of the extension to install - so even if the first check is bypassed, the plugin still can't cause arbitrary plugins to be downloaded from other sites.
- Before installing an extension, a dialog is displayed to the user to confirm that they intended to install an extension.
- GNOME Shell separately communicates with extensions.gnome.org over HTTPS and checks the certificate validity. So, if the user was convinced to accept an invalid certificate for https://extensions.gnome.org as an exception in their browser, GNOME Shell still would catch that and refuse to install.

So, while I wouldn't rule out the possibility of an issue being found, we have multiple layers in place to reliably tie extension installation to https://extensions.gnome.org.
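The first two safeguards listed above (exact HTTPS origin, and passing only an ID onward) can be sketched as follows. This is an added example, not part of the bug thread and not the GNOME plugin's code; the function names, the ID pattern and the sample ID are assumptions made for illustration.

```javascript
// Added illustration only; names and the ID format are hypothetical.
const ALLOWED_ORIGIN = 'https://extensions.gnome.org';

// Layer 1: the page must come from the exact allowed origin.
function isAllowedOrigin(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch (e) {
    return false; // unparseable URL: fail closed
  }
  // url.origin is scheme + lowercased host + non-default port only, so
  // http://, lookalike suffixes, userinfo tricks and odd ports never match.
  return url.origin === ALLOWED_ORIGIN;
}

// Layer 2: only an opaque ID crosses the boundary, never a URL or a path.
// Assumed ID shape for this sketch: "name@namespace" from a small alphabet.
const ID_PATTERN = /^[A-Za-z0-9._-]+@[A-Za-z0-9._-]+$/;

function isValidExtensionId(id) {
  return typeof id === 'string' && id.length <= 128 && ID_PATTERN.test(id);
}

// Returns the message to hand to the installer, or null if refused.
// The installer (not the page) decides where the ID is fetched from.
function buildInstallRequest(pageUrl, extensionId) {
  if (!isAllowedOrigin(pageUrl)) return null;
  if (!isValidExtensionId(extensionId)) return null;
  return { extensionId };
}

// Constructed sample inputs showing what each layer rejects.
const samples = [
  ['https://extensions.gnome.org/extension/1/', 'sample-extension@example.com'],
  ['http://extensions.gnome.org/', 'sample-extension@example.com'],
  ['https://extensions.gnome.org.evil.example/', 'sample-extension@example.com'],
  ['https://extensions.gnome.org@evil.example/', 'sample-extension@example.com'],
  ['https://extensions.gnome.org/', 'https://evil.example/ext.zip'],
];
for (const [page, id] of samples) {
  const req = buildInstallRequest(page, id);
  console.log(page, id, '=>', req ? 'forward ' + req.extensionId : 'refused');
}
```

The confirmation dialog and GNOME Shell's separate certificate check described in the comment sit behind these two checks and are not modelled here.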