User: Password:
|
|
Subscribe / Log in / New account

A trojan in a Firefox security add-on

A trojan in a Firefox security add-on

Posted Jul 23, 2010 3:53 UTC (Fri) by zooko (guest, #2589)
In reply to: A trojan in a Firefox security add-on by nye
Parent article: A trojan in a Firefox security add-on

The Mozilla Jetpack project is an attempt to make a framework for add-ons which is auditable and confinable. If successful, Jetpack will make it easy to prevent this sort of backdoor without requiring auditors to carefully pick apart reams of confusing code and without popping up annoying and useless "Is it OKAY?" dialog boxes that the user will learn to autoclick.

Honestly, I'm pretty damned excited about Jetpack. Long-time readers of LWN.net might notice that I always post a comment after one of these articles bemoaning the futility of combatting malware by controlling authorship of code and by auditing enormous codebases. I've often alluded to the possibility of a better system based on confinement and dynamic access controls (i.e. capabilities). Jetpack is finally an attempt to do it that way.

Disclosure: Jetpack is being designed by my good friend and long-time collaborator (on the Tahoe-LAFS project) Brian Warner. Even if I didn't already think the basic idea was super great I would be biased towards liking Jetpack just because Brian Warner is awesome.


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds