On Sun, Dec 30, 2018 at 06:04:17AM -0700, Theo de Raadt wrote:
> Anyways, I haven't seen a specific consumer ready to use this
> information from sysctl.  I'm sure such programs exist and will be
> adapted to use sysctl (or a file, will we make it mode 600 by
> default?)  rather than some linux interface.  But I'm pretty sure I
> don't want a system call making this feature available to all my
> software, including some of the gigantic software I run which will
> communicate my whereabouts to the world, such that the information can
> be used against me.
> 
> In many ways this is similar to the video pledge for firefox.  firefox
> main-process wants to do EVERYTHING.  That diff is an attempt to
> continue to enforce pledge "everything" in the main-process, by adding
> all missing features to pledge such that the main-process can be
> pledged (but really, pledge in name alone, since it really requests
> all features to work).
> 
> So if we add a security control feature to block access to sensors,
> will firefox want a way to enable GPS coordinate data so that it can
> give it to the cloud?
> 
> You will all sense I am becoming quite cynical about where this is going.

Well, this drifted far away from the original diff, but i'll reply
anyway since i'm feeling lucky. I'm mostly interested in it to record
offline traces of trips/hikes for my personal use. After all, that's why
i bought a gps, plugged it to my laptop, and i thought it would be
simpler to integrate the missing bits (speed/altitude) in the sensors
framework rather than running gpsd.

Let's be clear since you seem worried about that, i have no plans to
make firefox use that information.

It *could* be possible though if people show interest, provided that:

- one enables location sharing in firefox when a website asks for it:
  well, that also means you trust it to not share the location when you
  said you don't want to. At that point, if you don't trust it, don't run it.
  Do you trust your smartphone to disable the gps when you tell it so?
  Your laptop vendor to disable the webcam when you say so in the bios?
  Where is the line?

- one implements the missing bits between firefox and geoclue
  (https://bugzilla.mozilla.org/show_bug.cgi?id=1063572) - so far nobody
  showed interest upstream, and location is done through the public IP (as
  the browser doesn't have access to the list of nearby wifi networks,
  which is what's done on other OSes) cf
  https://support.mozilla.org/en-US/kb/does-firefox-share-my-location-websites

- one implements the missing bits in geoclue to read location from
  hw.sensors.nmea. I had a quick look a while ago and never managed to
  get anything out of geoclue.

If i had to choose and wanted to share my exact location with a website
(for $reasons), i'd rather do it through a passive gps device rather
than actively pinging google location services..

Landry
