Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable sensitive APIs (eg. window.ipfs.config). Provide a capabilities API. #478

Closed
olizilla opened this issue May 16, 2018 · 1 comment · Fixed by #484
Closed

Disable sensitive APIs (eg. window.ipfs.config). Provide a capabilities API. #478

olizilla opened this issue May 16, 2018 · 1 comment · Fixed by #484
Assignees
@lidel
Labels
area/window-ipfs Issues related to IPFS API exposed on every page kind/discussion Topical discussion; usually not changes to codebase topic/security Work related to security

Comments

@olizilla
Copy link
Member

A dapp should't be able to change my IPFS node config.

It may reasonably want to know what features are enabled. Peerpad uses pubsub, so it would need to check if window.ipfs provided the capabilities it requires before deciding whether to use it or init a custom one. We could let dapps read the config, but an considered api for determining what capabilities window.ipfs is offering seems preferable. Perhaps a "can i have an ipfs node with this config" api?

window.getIpfs({
  EXPERIMENTS: {
   pubsub: true
  }
})

which returns null or throws if the ipfs instance you'd get back can't match your requirements.

or just a "tell me what is enabled api"

window.ipfs.getEnabledExperiments()
// [{ name: 'pubsub', verson: '1'}]

vaguely relevant.
https://developer.mozilla.org/en-US/docs/Web/API/Media_Streams_API/Constraints
@olizilla olizilla added kind/discussion Topical discussion; usually not changes to codebase topic/security Work related to security labels May 16, 2018
@lidel lidel added the area/window-ipfs Issues related to IPFS API exposed on every page label May 16, 2018
@lidel lidel mentioned this issue May 16, 2018
Closed
12 tasks
@lidel lidel changed the title Disable window.ipfs.config.{set,replace}. Provide a capabilities api. Disable sensitive APIs (eg. window.ipfs.config). Provide a capabilities API. May 23, 2018
@lidel lidel self-assigned this May 23, 2018
@lidel
Copy link
Member

lidel commented May 23, 2018
edited
Loading

List of APIs we should remove for now:

  • bootstrap/*
  • config/*
  • stop

Things we should disable until calls are safely sandboxed (prefixed with dapps scope):

Open questions:

  • pubsub (too important to hide, but topic names can't be sandboxed, we have a privacy leak of sorts here)
  • how to handle newly added APIs?
    • deny everything by default and have an explicit, manual whitelist of "safe" APIs

@lidel lidel mentioned this issue May 23, 2018
Open
lidel added a commit that referenced this issue May 23, 2018
@lidel
fix: introduce global whitelist for window.ipfs
199e1c5 
- ideally we want to move API whitelist to ipfs-postmsg-proxy
- closes #478
- mitigates #452
@lidel lidel mentioned this issue May 23, 2018
Merged
lidel added a commit that referenced this issue May 23, 2018
@lidel
fix: introduce global whitelist for window.ipfs
6c4c51f 
- ideally we want to move API whitelist to ipfs-postmsg-proxy
- closes #478
- mitigates #452
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lidel lidel

Labels
area/window-ipfs Issues related to IPFS API exposed on every page kind/discussion Topical discussion; usually not changes to codebase topic/security Work related to security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Improving security of window.ipfs (low hanging fruits) ipfs/ipfs-companion
2 participants
@olizilla @lidel