On Thu, 2012-03-15 at 14:04 +0000, David Woodhouse wrote:
> On Thu, 2012-03-15 at 09:36 -0400, Zdenek Pavlas wrote:
> > Actually, on second thought, I'd rather not have this enabled
> > by default.  While the support of KDE/GNOME config tools is nice,
> > the WPAD protocol seems quite scary.
> > 
> > If I understand it correctly, a (not too hard to forge) DHCPINFORM
> > reply instructs the library to grab a URL and run JavaScript in it.
> > 
> > Does the library drop root privileges before doing so?  How secure
> > is the JS sandbox?
> 
> While that's a worthwhile and sensible question, it's also an
> implementation detail. Rather than using the original libproxy,
> distributions these days should *actually* be using the trivial
> implementation of the same API which comes from PacRunner. And then it's
> just a DBus call to the PacRunner dæmon, rather than reloading the same
> damn PAC script and having a JS interpreter in *every* process that
> wants to look up a proxy. The original libproxy implementation can, and
> should, just die completely.

 Do we really need a daemon? Can't you have libproxy start some
sandboxed thing?
 This isn't like a web browser where we'll constantly need to look for
proxies for URLs.

> I'd be content just to put the DBus calls directly into yum/urlgrabber
> instead, but libproxy is an API that others are using and it seemed like
> the better choice in general when 'fixing' applications. But for yum,
> given the security environment, I'd be content to say "we *really* don't
> want to use the original libproxy, and PacRunner support is enough".

 Putting direct dbus calls into urlgrabber will get NAKd pretty quick,
by me. Worst case use the "libproxy API" and have some test that only
passes when using "PacRunner" as the backend for the API.
 Better would be to use that API test to change the default (so defaults
off for direct libproxy, but can be turned on for those that need it).
 Best would be having a safe local sandbox API we can use, and just
having the DBus stuff for "optimisation". Then default to on all the
time.

_______________________________________________
Yum-devel mailing list
[email protected]
http://lists.baseurl.org/mailman/listinfo/yum-devel