Re: Extensions Infrastructure Work

["Jasper St. Pierre" <jstpierre mecheye net>]

On Wed, Jun 22, 2011 at 3:27 PM, Olav Vitters <olav vitters nl> wrote:
> On Tue, Jun 21, 2011 at 07:12:53PM -0400, Jasper St. Pierre wrote:
>> As I played around with it, I found the HTTP approach more feasible
>> and less ugly than the mimetype handler approach. At first I figured
>> the idea of running a local HTTP server would be a bit ugly, and Owen
>> thought of some security concerns, but there's nothing too critical
>> (or unsolvable) that I know of. The only "ugly" thing from a code
>> perspective is that there's a magic port number: 16269. It's not on
>> the IANA Registered Ports list, so I doubt there's going to be a
>> collision.
>
> Won't that break down in two cases:
> 1. Proxy set in the browser
>   User/sysadmin has to explicitly exclude localhost from being proxied

I'm unsure how or why localhost would be proxied. If it's some DNS
quirk would 127.0.0.1 get around it? If not, is this something we can
put in the sysadmin documentation?

> 2. Multiple users or sessions on the same machine
>   Only the first session can use it.

My idea was that log-out would stop the HTTP daemon for that session
and open one for the current user. Unless there's a special case (I
didn't think of virt) where two users can be securely both actively
having GNOME sessions at the same time, I don't think this is a
problem. The only security issue I can think of that arises out of
this compromise is that a user could ssh in to the same machine and
frob the HTTP server to... install, enable/disable and list extensions
from the official GNOME3 site.

I assume there's no magic way to tie a TCP socket to a user's session
(paging Dr. Lennart Poettering)

> --
> Regards,
> Olav
>

  Jasper