[Greasemonkey] Safely dropping privileges?
Aaron Boodman
zboogs at gmail.com
Tue Apr 4 10:35:32 EDT 2006
I think that this is something that GM would need to directly support,
since the exploit usually occurs before your code runs.
But it's a good idea. What somebody mentioned awhile back, and I still
think is a really good idea, is for scripts to be able to declare what
permissions they need. This dramatically lowers the number of scripts
that are available for any one exploit.
- a
On 4/4/06, Mook <mook.moz+sites.org.mozdev.lists.greasemonkey at gmail.com> wrote:
> Hi,
>
> I want to write a user script that:
> 1) Does not need any of the elevated privileges provided by Greasemonkey (GM_*)
> 2) Needs to poke unsafeWindow a lot
>
> Since I don't really want to trust the web site, can I somehow drop my
> privileges safely and make sure I don't become a path of exploitation?
> Is the best I can do to iterate through the properties of | window |
> and deleting anything matching /^GM_/ ? (I am mostly afraid of
> missing stuff...)
>
> Asking the list because this seems like something many would want, and
> yet nobody has mentioned...
>
> --
> Mook
> mook.moz at gmail
>
> _______________________________________________
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
> http://mozdev.org/mailman/listinfo/greasemonkey
>
>
>
More information about the Greasemonkey
mailing list