ISSUE-83: Instantiated widget should not be able to read digital signature
digsig should not be read at runtime
Instantiated widget should not be able to read digital signature
- State:
- CLOSED
- Product:
- HISTORICAL: Widgets [Bugs and Issues are tracked via Bugzilla https://www.w3.org/Bugs/Public/describecomponents.cgi?product=WebAppsWG]
- Raised by:
- Jeremiah Albrant
- Opened on:
- 2009-02-22
- Description:
- Need to mention somewhere that the digital signature must not be accessible by the start file once the widget is running.
- Related Actions Items:
- No related actions
- Related emails:
- Re: Proposal for ISSUE-83 (from marcosc@opera.com on 2009-04-23)
- RE: Proposal for ISSUE-83 (from Mark.Priestley@vodafone.com on 2009-04-23)
- Re: Proposal for ISSUE-83 (from marcosc@opera.com on 2009-04-23)
- [widget-digsig] updated Widget Signature editors draft (from frederick.hirsch@nokia.com on 2009-04-22)
- Re: Proposal for ISSUE-83 (from Art.Barstow@nokia.com on 2009-04-22)
- Re: Proposal for ISSUE-83 (from marcosc@opera.com on 2009-04-21)
- Proposal for ISSUE-83 (from frederick.hirsch@nokia.com on 2009-04-21)
- [widgets] Draft Minutes from 16 April 2009 Widgets Voice Conference (from art.barstow@nokia.com on 2009-04-16)
- Re: ISSUE-83 (digsig should not be read at runtime): Instantiated widget should not be able to read digital signature [Widgets] (from Frederick.Hirsch@nokia.com on 2009-04-14)
- [widgets] Agenda for 16 April 2009 Voice Conference (from art.barstow@nokia.com on 2009-04-14)
- Re: ISSUE-83 (digsig should not be read at runtime): Instantiated widget should not be able to read digital signature [Widgets] (from marcosc@opera.com on 2009-04-13)
- Re: ISSUE-83 (digsig should not be read at runtime): Instantiated widget should not be able to read digital signature [Widgets] (from Art.Barstow@nokia.com on 2009-04-13)
- Re: ISSUE-83 (digsig should not be read at runtime): Instantiated widget should not be able to read digital signature [Widgets] (from marcosc@opera.com on 2009-04-09)
- Re: ISSUE-83 (digsig should not be read at runtime): Instantiated widget should not be able to read digital signature [Widgets] (from Art.Barstow@nokia.com on 2009-04-09)
- Re: ISSUE-83 (digsig should not be read at runtime): Instantiated widget should not be able to read digital signature [Widgets] (from marcosc@opera.com on 2009-04-09)
- RE: ISSUE-83 (digsig should not be read at runtime): Instantiated widget should not be able to read digital signature [Widgets] (from Mark.Priestley@vodafone.com on 2009-04-09)
- Re: ISSUE-83 (digsig should not be read at runtime): Instantiated widget should not be able to read digital signature [Widgets] (from Art.Barstow@nokia.com on 2009-04-07)
- RE: ISSUE-83 (digsig should not be read at runtime): Instantiated widget should not be able to read digital signature [Widgets] (from Mark.Priestley@vodafone.com on 2009-04-03)
- Re: ISSUE-83 (digsig should not be read at runtime): Instantiated widget should not be able to read digital signature [Widgets] (from frederick.hirsch@nokia.com on 2009-04-02)
- RE: ISSUE-83 (digsig should not be read at runtime): Instantiated widget should not be able to read digital signature [Widgets] (from Mark.Priestley@vodafone.com on 2009-04-02)
- Re: [widgets] Agenda for 5 March 2009 Voice Conference (from marcosc@opera.com on 2009-03-06)
- Re: ISSUE-83 (digsig should not be read at runtime): Instantiated widget should not be able to read digital signature [Widgets] (from art.barstow@nokia.com on 2009-03-05)
- Re: [widgets] Minutes from 5 March 2009 Voice Conference (from frederick.hirsch@nokia.com on 2009-03-05)
- [widgets] Minutes from 5 March 2009 Voice Conference (from art.barstow@nokia.com on 2009-03-05)
- RE: [widgets] Agenda for 5 March 2009 Voice Conference (from BS3131@att.com on 2009-03-05)
- [widgets] Agenda for 5 March 2009 Voice Conference (from art.barstow@nokia.com on 2009-03-04)
- Re: Reminder: January 31 comment deadline for LCWD of Widgets 1.0: Packaging & Configuration spec (from marcosc@opera.com on 2009-02-22)
- ISSUE-83 (digsig should not be read at runtime): Instantiated widget should not be able to read digital signature [Widgets] (from sysbot+tracker@w3.org on 2009-02-22)
Related notes:
From
http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0346.html:
----------------
[mp] The hole is that signature files are excluded from the generation
of the signature values in any other signature files. This means that
if, for example, an attacker added to the widget resource a signature
file containing some malicious content, the malicious content of that
file wouldn't be covered by any of the other signatures but the widget
user agent thinks the entire widget resource is signed. This could
happen regardless of whether or not the signature file was actually
valid, or was just named according to the convention for digital
signature.
To be abused by an attacker it would either be necessary to inject a
reference to the file into the widget, which might be difficult, or to
hijack an existing reference to a signature file by swapping the
intended signature file for the attacker's signature file (with the same
name). While this later attack depends on the author providing such a
reference in their widget, there are two reasons why the author may
currently choose to do this - to get some information about the
signature to display to the user, or possibly more likely, to get around
the need to sign everything in their widget resource (I thought of this
as a way around signing everything so developers will too!).
It's not a big hole and the attacks require some "assistance" from
developers, but unless there's a reason not to it should be pretty easy
to close.
http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0346.html
Marcos Caceres, 22 Feb 2009, 18:09:22Closed via the consensus on new text for the P&C spec added by Marcos on 23-Apr-2009.
Arthur Barstow, 23 Apr 2009, 10:23:46Display change log