On Sat, May 9, 2015 3:30 pm, David Woodhouse wrote:
> On Fri, 2015-05-08 at 15:07 -0700, Ryan Sleevi wrote:
> > Yes, it should. You'll introduce your users to a host of security issues
> > if you ignore them (especially for situations like Chrome). For example,
> > if you did what you propose to do, you'd be exposing people's smart card
> > modules to arbitrary sandboxed Chrome processes
>
> So arbitrary sandboxed Chrome processes already have free rein to use
> certificates in my NSS database? Isn't that a problem *already*? And if
> people ever want to use the PKCS#11 token in their web browser, they're
> going to need to expose it anyway. And if they don't, the p11-kit
> configuration does permit a module to be visible in some applications
> and not others.

No David, that's quite the opposite of what I was saying.

If you did what you propose - patching to ignore the noModDB & friends -
you'd be introducing security issues. The security issues do not exist
now. Your patch would introduce them.

You don't need to expose it to the sandbox to use PKCS#11 in the web
browser. That's not how modern sandboxed browsers work.

And yes, your conclusion further emphasizes my original point - some
applications explicitly do not wish to have p11-kit introduced, and by
just blithely introducing it, you're introducing security
vulnerabilities.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto