ptx a day ago

So websites can now nag users to allow access to the root of their local disk and then read all their files and settings, all their SSH keys and other passwords?

From what I gather from the docs [1], this API gives you a FileSystemDirectoryHandle object, and then you just call getDirectoryHandle() on that to recursively read the entire filesystem. The spec [2] has some vague suggestions about blacklisting certain particularly sensitive files, which doesn't seem reassuring.

[1] https://developer.chrome.com/docs/capabilities/web-apis/file...

[2] https://wicg.github.io/file-system-access/#privacy-wide-acce...
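
What a page can do once showDirectoryPicker() has handed it a FileSystemDirectoryHandle, as an added example that is not code from the thread, the Chrome docs or the spec: enumerate everything beneath the handle with entries(), and open a single file by descending with getDirectoryHandle() and getFileHandle(). The function names walkDirectory and readTextFile are mine; the in-memory stand-in handles and the sample home-directory tree (including a fake private key) are constructed so the block runs offline in Node, and they mimic only the parts of the browser API that the two functions use.

```javascript
// Added illustration, not code from the thread or from the Chrome/spec authors.
// In a browser you would obtain the real handle with:
//   const root = await window.showDirectoryPicker();
//   console.log(await walkDirectory(root));
//   console.log(await readTextFile(root, '.ssh/config'));
// Below, makeFakeDirectory()/makeFakeFile() are constructed stand-ins for
// FileSystemDirectoryHandle/FileSystemFileHandle so the same code runs in Node.

// Recursively list every file path under dirHandle, relative to it.
async function walkDirectory(dirHandle) {
  const out = [];
  async function collect(dir, prefix) {
    // entries() yields [name, handle] pairs, exactly like the browser API.
    for await (const [name, handle] of dir.entries()) {
      const path = prefix + name;
      if (handle.kind === 'directory') {
        await collect(handle, path + '/');
      } else {
        out.push(path);
      }
    }
  }
  await collect(dirHandle, '');
  return out.sort();
}

// Open a file by a relative path such as '.ssh/id_ed25519': call
// getDirectoryHandle() for each intermediate segment, getFileHandle() for
// the last one, then getFile().text() to read it.
async function readTextFile(dirHandle, relPath) {
  const parts = relPath.split('/').filter(Boolean);
  let dir = dirHandle;
  for (const segment of parts.slice(0, -1)) {
    dir = await dir.getDirectoryHandle(segment);
  }
  const fileHandle = await dir.getFileHandle(parts[parts.length - 1]);
  const file = await fileHandle.getFile();
  return file.text();
}

// ---- constructed in-memory stand-ins for the browser handle objects ----
function makeFakeFile(name, contents) {
  return {
    kind: 'file',
    name,
    async getFile() {
      return { name, async text() { return contents; } };
    },
  };
}

function makeFakeDirectory(name, tree) {
  const children = new Map();
  for (const [childName, value] of Object.entries(tree)) {
    children.set(childName, typeof value === 'string'
      ? makeFakeFile(childName, value)
      : makeFakeDirectory(childName, value));
  }
  return {
    kind: 'directory',
    name,
    async *entries() {
      for (const entry of children) yield entry; // [name, handle]
    },
    async getDirectoryHandle(childName) {
      const h = children.get(childName);
      if (!h || h.kind !== 'directory') throw new Error('NotFoundError: ' + childName);
      return h;
    },
    async getFileHandle(childName) {
      const h = children.get(childName);
      if (!h || h.kind !== 'file') throw new Error('NotFoundError: ' + childName);
      return h;
    },
  };
}

// Constructed sample tree: a fake home directory with the kind of files the
// thread worries about. Nothing here is a real key or token.
const SAMPLE_HOME = makeFakeDirectory('home', {
  '.ssh': {
    'id_ed25519': '-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed sample)\n',
    'config': 'Host example\n  User alice\n',
  },
  '.config': { 'app': { 'settings.json': '{"token":"constructed-sample"}' } },
  'notes.txt': 'groceries\n',
});

// Stand-alone run: lists the four sample files and reads the fake key.
(async () => {
  console.log(await walkDirectory(SAMPLE_HOME));
  console.log(await readTextFile(SAMPLE_HOME, '.ssh/id_ed25519'));
})();
```

Note that the walk needs nothing beyond the single handle the picker returned: every subdirectory reachable from it is reachable through entries()/getDirectoryHandle(), which is why the argument in this thread turns on which directories the picker lets the user choose in the first place.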

jaffathecake a day ago | parent | next [-]

> So websites can now nag users to allow access to the root of their local disk

No, Chrome doesn't allow this.

Here's a simple demo: https://output.jsbin.com/kekekac/quiet - note that you can't select root, Downloads etc.

a day ago | parent | next [-]
[deleted]
croes a day ago | parent | prev | next [-]

In this example

https://web.dev/patterns/files/open-a-directory

I can select Downloads

codedokode a day ago | parent [-]

I could select /boot and ~/.cache. Genius. Given how smart many Internet users are, this will definitely not cause any misuse.

ThatMedicIsASpy a day ago | parent [-]

After seeing a recaptcha with a QR code. Suddenly those fake recaptchas with a run dialog don't seem too far fetched.

move-on-by a day ago | parent | prev [-]

Ah yes, totally secure. I’m sure there will be no unforeseen problems or bypasses.

streptomycin a day ago | parent [-]

It's been in Chrome for 6 years and I'm not aware of any problems it's caused.

fg137 a day ago | parent | next [-]

I'd argue this is because it's rarely used.

croes a day ago | parent | prev [-]

Yet. It’s not hard to imagine a case where it is a bad idea to give the browser access to the whole content of a directory.

There is a reason why it’s Chromium browsers only, don’t you think?

streptomycin a day ago | parent | next [-]

So what should I do if I want to make an app with this functionality? Do I have to tell users to download and run some executable? You can imagine a case where that is a bit riskier than a nicely sandboxed web app with permission to access one directory.

danaris a day ago | parent [-]

> Do I have to tell users to download and run some executable?

Well, yes.

The alternative is to give any malicious ad the ability to drive-by-download malware onto your machine.

streptomycin a day ago | parent | next [-]

Well there is a permission dialog and you need to select the directory to grant access and common sensitive directories are blacklisted.

A malicious ad would probably have an easier time tricking you into downloading and running an executable, which is something that has actually happened many times IRL. Worry about that before worrying about theoretical exploits that nobody has actually exploited in an API shipped in the world's most popular web browser for the past 6 years.

croes 16 hours ago | parent [-]

Did you try this?

https://web.dev/patterns/files/open-a-directory

At least it got the number of files in the selected directory including Program Files and Windows\System32

I didn't click upload, so ...

rcxdude a day ago | parent | prev | next [-]

That isn't how any of these things work, though. This kind of thing needs a permission to be granted by the user and it does not extend to third-party ads appearing on the site that it is granted to (banner ads have, for a long time, been sandboxed in iframes in the browser to prevent such exploits). I wish native applications had this level of isolation from each other.

modeless a day ago | parent | prev [-]

Did you miss that this has been shipped in Chrome for 6 years? How many drive-by-download viruses has your machine gotten since then? Zero for me...

danaris a day ago | parent [-]

Mine?

None.

Because I don't use Chrome.

It's spyware.

a day ago | parent [-]
[deleted]
rcxdude a day ago | parent | prev | next [-]

Just because a problem is not hard to imagine it doesn't mean that the problem is actually a problem in practice. It is worth asking if there are any signs of it existing for real.

croes a day ago | parent [-]

I hear a lot of this "nothing has happened so far" from people who DUI before their first crash and people who use the same password on multiple sites before their first credential stuffing hack

rcxdude a day ago | parent [-]

To use your analogy, you're claiming that half the population has been driving drunk for years and yet you aren't pointing to an increased rate of collisions on the road. This is not the same thing as an individual doing a dumb thing and getting away with it for a while.

croes 16 hours ago | parent [-]

Could it simply be because many use their smartphone to browse the web and of those many have an Apple device and Safari-based browsers don't support that API?

It's like the early claims that MacOS has no viruses. No, the bad guys just didn't care enough because the ROI wasn't big enough.

leptons a day ago | parent | prev [-]

Apple will never implement anything in a browser that could make a web app as capable as a native mobile app, they are simply too greedy. Firefox typically doesn't implement these things unless they have to because they don't have the resources that Google and Apple do.

steveharrison 3 minutes ago | parent [-]

I hadn't thought about this angle as to why WebKit hasn't implemented this, but yeah 100%.

Ajedi32 a day ago | parent | prev | next [-]

Root directory would be on that blacklist for sure.

Those "vague suggestions" actually seem to include some pretty specific examples.

> A user’s entire "home" directory. Individual files and directories inside the home directory should still be allowed, but user agents should not generally let users give blanket access to the entire directory.

EnergyAmy a day ago | parent [-]

That's not at all specific. What individual files and directories?

Ajedi32 a day ago | parent [-]

All of them, unless they're also on the list of examples to exclude (like the Downloads folder).

I think the point is that as long as the user is sharing things on purpose and not by accident, it should be allowed. Selecting the root of the home directory would probably share a lot of things the user didn't really intend to share (because a lot of apps just dump random config files and stuff in there), but if they specifically select a subfolder they probably have a good idea of what that folder contains.

superjan a day ago | parent | prev | next [-]

Is the camera roll excluded? I bet I am not the only one who has a passport picture in there. I don’t know about other people’s camera rolls, but I bet it is occasionally more saucy than mine.

(Sorry for not testing. Chrome-hater)

cnr a day ago | parent | prev [-]

Let's not forget that, at the same time, Google forces every developer of any Android app to register in the Google database using an ID scan, otherwise no one can install it.

All for the sake of "dear user safety".