We did discuss this, and we rejected:
1. Having a prompt
2. Sandboxing

Check out the discussion, for reasons: http://markmail.org/message/alknczhqdghaurrw

On Mon, Feb 9, 2015 at 8:28 AM, Horn, Julian C <[email protected]> wrote:
> We have identified a security issue with the recently added feature of
> install-time plugin hooks.
>
> As far as I can tell, there is nothing that prevents creation of a plugin
> with a malicious install-time hook script. Adding that plugin to a project
> could corrupt the user's host machine. If that project using that plugin is
> submitted to a build server, then the build server could be corrupted.
>
> Yes, you can use lower level plugman scripts to fetch plugins and then
> pre-scan them for install time hooks and track down all the dependencies and
> scan them too. So this is fixable (on a build server), but it's a lot of
> extra work; "cordova plugin add" should not be an unsafe operation.
>
> I propose that the CLI should check to see if a plugin requires an
> install-time hook and require the user to explicitly grant permission before
> executing the install hook. A build server would always deny permission.
>
> Is there something I'm missing here?
>
> Julian
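
The pre-scan described in the quoted message (check a fetched plugin and every plugin it depends on for hook scripts before allowing the install), as an added example that is not part of this thread or of Cordova's own code. It assumes hooks and dependencies are declared as `<hook>` and `<dependency>` elements in each plugin.xml; the plugin ids, the sample XML and the `load` callback are constructed for illustration, and the regex extraction stands in for a real XML parser.

```javascript
// Constructed sample data: plugin id -> plugin.xml text (not real plugins).
const SAMPLE_PLUGINS = {
  "com.example.camera": `
    <plugin id="com.example.camera" version="1.0.0">
      <dependency id="com.example.util" />
      <!-- <hook type="before_build" src="disabled.js" /> -->
    </plugin>`,
  "com.example.util": `
    <plugin id="com.example.util" version="0.2.0">
      <hook type="before_plugin_install" src="scripts/setup.js" />
      <hook src='scripts/post.js' type='after_plugin_install' />
    </plugin>`,
};

// Pull attribute name/value pairs out of one start tag.
function attrs(tag) {
  const out = {};
  for (const m of tag.matchAll(/([\w:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g)) {
    out[m[1]] = m[2] !== undefined ? m[2] : m[3];
  }
  return out;
}

// Return the attributes of every <name ...> element, ignoring XML comments.
function elements(xml, name) {
  const body = xml.replace(/<!--[\s\S]*?-->/g, "");
  const re = new RegExp(`<${name}(?=[\\s/>])[^>]*>`, "g");
  return [...body.matchAll(re)].map((m) => attrs(m[0]));
}

// Walk a plugin and its <dependency> chain, collecting every <hook>.
// load(id) is a hypothetical callback returning the plugin.xml text of an
// already-fetched plugin, or undefined when it has not been fetched.
function findHooks(rootId, load) {
  const findings = [], unresolved = [], seen = new Set(), queue = [rootId];
  while (queue.length > 0) {
    const id = queue.shift();
    if (seen.has(id)) continue; // dependency cycles are visited once
    seen.add(id);
    const xml = load(id);
    if (xml === undefined) { unresolved.push(id); continue; } // cannot vouch for it
    for (const h of elements(xml, "hook")) {
      findings.push({ plugin: id, type: h.type || "(missing)", src: h.src || "(missing)" });
    }
    for (const d of elements(xml, "dependency")) if (d.id) queue.push(d.id);
  }
  return { findings, unresolved, allowed: findings.length === 0 && unresolved.length === 0 };
}

console.log(JSON.stringify(findHooks("com.example.camera", (id) => SAMPLE_PLUGINS[id]), null, 2));
```

A build server following the deny-by-default policy proposed above would refuse the install whenever `allowed` is false, which includes the case where a dependency could not be fetched and inspected.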
