Open rocheston opened 2 years ago
First, a couple of notes:

- `file:`, and the warnings in the documentation indicate that Browservice has similar permissions on the proxy machine as any normal local browser.
- `/etc/passwd` is not particularly secret: it is typically readable by all users and in all systems modern enough to run Browservice, it does not contain any actual passwords. A bigger practical risk is the access to passphraseless SSH private key files of the current user.

So far, I have decided not to block the `file:` protocol in order to not give users a false sense of security; there are probably ways around the block (as the embedded Chromium browser has not been designed to completely isolate the interactive user from the privileges of the user running the process). However, I do recognize that there might be practical value in having the `file:` blocked anyway to at least slow down some interactive attacks. Thus I plan to do the following:

- `file:` URLs by default; add a command line switch to re-enable it as some users might already be relying on local file access.
- `file:` URL, show a clearly worded error message that explains that the block is only snake oil and there might be ways around it (to avoid giving the user a false sense of security).

Now implemented the (disableable) `file:` scheme blocking in commit 9026fb231e74eff1d5ac8c9671795a604df25597; it will be included in the next release.
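A sketch of the default-on `file:` block with a re-enable switch described in the reply above, added here as an illustration and not taken from Browservice or the referenced commit. The function names, the `allowFileScheme` parameter and the message text are assumptions; the scheme is compared after the normalization a browser URL parser applies (case folding, leading whitespace, embedded tab and newline characters).

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Returns the lower-cased scheme as a browser URL parser would see it, or ""
// when the input has no syntactically valid scheme. Leading C0 control/space
// characters are stripped and ASCII tab/CR/LF are ignored before matching.
std::string extractScheme(const std::string& url) {
    std::string scheme;
    bool started = false;
    for (unsigned char c : url) {
        if (c == '\t' || c == '\n' || c == '\r') continue;  // dropped by the parser
        if (!started && c <= 0x20) continue;                // leading whitespace
        if (c == ':') return started ? scheme : "";
        bool alpha = std::isalpha(c) != 0;
        bool rest = std::isdigit(c) != 0 || c == '+' || c == '-' || c == '.';
        if (!(alpha || (started && rest))) return "";       // not a scheme
        started = true;
        scheme += static_cast<char>(std::tolower(c));
    }
    return "";  // no ':' found
}

struct NavigationDecision {
    bool allowed;
    std::string message;  // shown to the user when the navigation is blocked
};

// allowFileScheme models the command line switch that re-enables local file
// access (hypothetical name; the real switch is not given on this page).
NavigationDecision checkNavigation(const std::string& url, bool allowFileScheme) {
    if (extractScheme(url) == "file" && !allowFileScheme) {
        // Constructed wording: states plainly that this is not a security boundary.
        return {false,
                "file: URLs are blocked by default. This block does not isolate "
                "you from the files of the user running the browser process; "
                "there may be ways around it."};
    }
    return {true, ""};
}

int main() {
    // Constructed sample inputs.
    for (const char* u : {"file:///etc/passwd", "  FiLe:///etc/passwd",
                          "https://example.com/file:"}) {
        NavigationDecision d = checkNavigation(u, false);
        std::cout << u << " -> " << (d.allowed ? "allowed" : "blocked") << "\n";
    }
    return 0;
}
```
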
Can you disable accessing local files via file:// method? I know you gave a warning about this. Maybe you want to completely disable this feature.
You don't want this though..