Firefox extensions run in a privileged context. They essentially are not really different from components of Firefox itself.
Firefox components can obviously access the filesystem. So can extensions.
An extension in itself is not any more a security hole than Firefox itself.
> Seriously, stop treating the browser as the OS+desktop.
While I agree with you there, what's needed to get to that point would be browsers actually talking to the native environment more. Pipes, sockets, filesystem access (chroot-style), even limited process launch capabilities.
If web or extension APIs allowed that, it would be far easier to integrate with native instead of having to build it straight into the browser.
But that just addresses the "app" kind of extension.
Other extensions instead customize the web browsing experience. For example, if you have a file form and want to do automation (filling in the right files?) then you already need access to the file system. This has nothing to do with native apps and yet needs access to native resources.