Firefox:Safer Extension Installation

From MozillaWiki

Background

Specs and Requirements TBD.

shaver's wishlist:

  • Streamed updates
    • Ability to designate an individual update as being for one or more streams
  • Multiple available updates
    • Ability to present multiple updates for the user's selection. (With this, you can actually fake a poor man's stream system.)
  • Extension cleanup
    • Registration of a pref namespace or pref list for optional removal at uninstallation time. This should be something that can be registered/unregistered at runtime, preferably.
    • Probably something similar for localstore data, storage dbs, etc.
    • We need to run some unregisterSelf hook on the components when/before we uninstall them, so that they can clean up category entries and other component
  • Much better error handling/reporting
    • Whenever we tell the user that there was an error, we need to have a [Details...] button or something so that they can get something useful too
  • Global extensions and packaging
    • Global extension uninstall
    • Ability for a user to disable a globally-installed extension without doing it globally.
    • Can't require a root profile for installation of global extensions!
    • Need a way to query the list of globally installed extensions from the command line.
  • Unification of search plugins with extension manager, so we get some similar update, removal (!), etc. functionality?
  • Inter-extension dependencies, based on UUID and the usual version algebra.
  • Distinguished version information for nightly builds.
    • "1.4+" needs to still work, but I also need a way to say "1.4+ with a build ID of 2004121407 or greater".
  • More robust platform-tagging.
    • We need to be able to distinguish not only "linux", "solaris", "os/2", but also "x86-64" vs. "x86", probably other optional CPU specifiers like "g5". There's a lot of decent prior art here in the Linux packaging space that we can build off of.

piecu's wishlist:

  • Multilingual installation script. If an extension can contain more than one locale, why not do the same with install.rdf?

Improved Security

- make user type "install" to install an extension?

  • How about using a 'password', gathered and stored similar to other passwords? It's left as an exercise for the reader to determine if autofill would be tolerable (someone will build an extension to do it, surely).
  • Here's my pitch:
    • The crowbar becomes the primary UI for remote installs.
    • The crowbar integrates the password mechanism. On first use or if the password is not configured, change the title of the password box to "Set Password" or some such.
    • For users who can change the whitelist, controls appear to allow doing so (directly) and also to allow one-time bypassing. (Can an admin pre-populate the whitelist and/or make it read-only?)
    • The former install dialog becomes both on-demand and purely informational (warning, domain name, software name, etc.). The dialog is accessed through a "Details" button. The on-button timer goes away.
  • If this is all whack, just delete it. It won't hurt my feelings. ;-)

User Trusted, Site Trusted:
+--------------------------------------------------------------------------------------------+
|----- Attempting + Trusted Site ----------+ + Password ------------+ +-------+ +-------+  _ |
| \!/  To Install | [ ]Switch to untrusted | |[                    ]| |Install| |Details| |X||
|  V   Software   +------------------------+ +----------------------+ +-------+ +-------+  - |
+--------------------------------------------------------------------------------------------+

User Trusted, Site Untrusted:
(Default to >This Install< since they attempted it? [Or >Never< if autofill is likely.])
+--------------------------------------------------------------------------------------------+
|----- Attempting + Untrusted Site --------+ + Password ------------+ +-------+ +-------+  _ |
| \!/  To Install | Trust:[This install :v]| |[                    ]| |Install| |Details| |X||
|  V   Software   +-------|This website   |+ +----------------------+ +-------+ +-------+  - |
+-------------------------+===============+--------------------------------------------------+ 

User Untrusted, Site Trusted:
+--------------------------------------------------------------------------------------------+
|----- Attempting + Trusted Site ----------+ + Password ------------+ +-------+ +-------+  _ |
| \!/  To Install | Installation allowed   | |[                    ]| |Install| |Details| |X||
|  V   Software   +------------------------+ +----------------------+ +-------+ +-------+  - |
+--------------------------------------------------------------------------------------------+

User Untrusted, Site Untrusted:
+--------------------------------------------------------------------------------------------+
|----- Attempting + Untrusted Site -------------------------------------------+ +-------+  _ |
| \!/  To Install | Software from this site is considered a security risk.    | |Details| |X||
|  V   Software   +-----------------------------------------------------------+ +-------+  - |
+--------------------------------------------------------------------------------------------+
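
The four mockups above, read as a single install-gate decision. This is an added example, not part of the original wiki page or any Firefox code. Every name in it (decideInstall, the ctx/req fields, the reason strings) is hypothetical, the meaning of "Never" is an assumption, and the "Switch to untrusted" checkbox is not modelled.

```javascript
// Added illustration; all names are hypothetical, not Firefox APIs.
// ctx: { host, userMayEditWhitelist, whitelist (Set of hosts), passwordSet,
//        checkPassword(pw) -> boolean }   (password storage is out of scope here)
// req: { password, trust: "this-install" | "this-website" | "never" }
function decideInstall(ctx, req) {
  const siteTrusted = ctx.whitelist.has(ctx.host);
  const deny = (reason) => ({ install: false, reason, whitelisted: false });

  // "User Untrusted, Site Untrusted": the bar has no Install button, only
  // Details, so no password can unlock the install.
  if (!siteTrusted && !ctx.userMayEditWhitelist) return deny("untrusted-site");

  // First use: the box is titled "Set Password"; nothing installs until one exists.
  if (!ctx.passwordSet) return deny("password-not-set");

  // Verify the password before touching the whitelist, so a failed attempt
  // can never change trust settings as a side effect.
  if (!ctx.checkPassword(req.password)) return deny("bad-password");

  // "Site Trusted" rows: password plus Install is enough for either kind of user.
  if (siteTrusted) {
    return { install: true, reason: "trusted-site", whitelisted: false };
  }

  // "User Trusted, Site Untrusted": the Trust drop-down decides.
  switch (req.trust) {
    case "this-install": // one-time bypass, whitelist left unchanged
      return { install: true, reason: "one-time-bypass", whitelisted: false };
    case "this-website": // direct whitelist change
      ctx.whitelist.add(ctx.host);
      return { install: true, reason: "site-whitelisted", whitelisted: true };
    default: // "never" (assumed to mean refuse) or any unknown value: fail closed
      return deny("trust-declined");
  }
}
```
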