On 11-05-15 20:21, Ryan Sleevi wrote:
> On Mon, May 11, 2015 4:09 am, David Woodhouse wrote:
> > I completely agree that Chrome should only ever load the modules which
> > are configured to be loaded into Chrome. I'm surprised you feel the
> > need to mention that.
> Because you still don't understand, despite how many ways I'm trying to
> say it.
> It's not simply sufficient to load module X into Chrome or not. p11-kit's
> security model is *broken* for applications like Chrome, at least with
> respect to how you propose to implement.
> Let's say you've got Module X.
> Today, Chrome controls loading of modules. It can load module X into the
> browser process (and trusted process) and *NOT* load Module X into a
> sandboxed zygote process that it then uses to start renderers and such.
Actually, no, Chrome doesn't control anything. Enabling a PKCS#11 module
in Chrome requires one to muck about with modutil, which is rather ugly.
--
Wouter Verhelst
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto