oss-sec mailing list archives
Re: note on gnome shell extensions
From: Tavis Ormandy <taviso () cmpxchg8b com>
Date: Thu, 13 Sep 2012 17:39:57 +0200
On Mon, Sep 10, 2012 at 02:48:38PM -0600, Vincent Danen wrote:
* [2012-09-08 18:14:10 -0600] Kurt Seifried wrote: SUSE has some interesting info in their bug: https://bugzilla.novell.com/show_bug.cgi?id=779473#c4 By the sounds of it, this should be harmless. Vincent Untz says that the browser plugin doesn't actually install the extensions, it's passed to another process via a dbus call to gnome-shell, which sends the uuid of the extension to the extensions.gnome.org web site in order to download the extension. See: http://git.gnome.org/browse/gnome-shell/tree/js/ui/shellDBus.js#n305 http://git.gnome.org/browse/gnome-shell/tree/js/ui/extensionDownloader.js#n27 which is: let message = Soup.form_request_new_from_hash('GET', REPOSITORY_URL_INFO, params); And REPOSITORY_URL_INFO is hardcoded earlier: const REPOSITORY_URL_BASE = 'https://extensions.gnome.org'; const REPOSITORY_URL_DOWNLOAD = REPOSITORY_URL_BASE + '/download-extension/%s.shell-extension.zip'; const REPOSITORY_URL_INFO = REPOSITORY_URL_BASE + '/extension-info/'; const REPOSITORY_URL_UPDATE = REPOSITORY_URL_BASE + '/update-info/'; I don't think this is something that can be exploited, based on the above.
Not sure I follow the logic, can't I just upload something malicious to extensions.gnome.org and then force you to download it? I mean, I can try it if you're not convinced it's possible. They surely do not have a magical technique for determining if my code is or can become malicious. Tavis. -- ------------------------------------- taviso () cmpxchg8b com | pgp encrypted mail preferred -------------------------------------------------------
Current thread:
- note on gnome shell extensions Tavis Ormandy (Sep 08)
- Re: note on gnome shell extensions Kurt Seifried (Sep 08)
- Re: note on gnome shell extensions Vincent Danen (Sep 10)
- Re: note on gnome shell extensions Tavis Ormandy (Sep 13)
- Re: note on gnome shell extensions Marcus Meissner (Sep 13)
- Re: note on gnome shell extensions Vincent Danen (Sep 13)
- Re: note on gnome shell extensions Tavis Ormandy (Sep 13)
- Re: Re: note on gnome shell extensions Vincent Danen (Sep 13)
- Re: Re: note on gnome shell extensions Kurt Seifried (Sep 13)
- Re: Re: note on gnome shell extensions Vincent Danen (Sep 17)
- Re: Re: note on gnome shell extensions Sebastian Krahmer (Sep 17)
- Re: Re: note on gnome shell extensions Vincent Danen (Sep 18)
- Re: note on gnome shell extensions Vincent Danen (Sep 10)
- Re: note on gnome shell extensions Kurt Seifried (Sep 08)