Disable JS for pages with a bad/missing signature #44

Open
Alch-Emi opened this issue Sep 5, 2022 · 3 comments

@Alch-Emi

Alch-Emi commented Sep 5, 2022

Heya! I'd like to propose that the signed pages web extension should disable JS when a page fails a signature check. This would help protect against the following attack:

  1. User logs into the (uncompromised, valid sig) web app, goes about their business, and then closes the app without logging out
  2. The web app is compromised by a malicious attacker interested in user data
  3. The user returns to the web app.
  4. The user's browser has kept their credentials, but not cached the page, and so loads the app from the server
  5. The server sends a malicious web app
  6. The (now malicious) web app uses on-load JS to immediately upload the user's local storage to the attacker's server BEFORE the user can react to the page having a failed signature.
  7. User's credentials are now compromised until the user invalidates them.

This would also add an additional measure to prevent unobservant users who fail to notice an invalid signature from providing credentials to a compromised page.

Note: If this behavior is already present, I'd instead like to use this space to request that this information be added to the extension's README

Thanks for your time!

@RokeJulianLockhart

I request that this be optional, and by default disabled. I only use this to inform me of when a site is verified, rather than to protect me.

If a user installs this and something as critical as JS is suddenly disabled in most websites, they'll never use the extension again.

@Alch-Emi
Author

Alch-Emi commented Feb 3, 2023

Oh I should clarify: I don't think JS should be disabled on all unsigned pages, since that would make using the web really obnoxious. This would only be necessary for pages that have a signature expected (that is, have a signature listed in the extension preferences), but not received.

The only time a user would be affected by this is if they list a site in their extension settings, but when they go to visit that site, the signature is missing, which would indicate one of three things:

  • The user misconfigured the extension to expect a signature for a page that never provided one
  • The site owner misconfigured their site so that the signature isn't recognized
  • The site is genuinely compromised

If everything is going well, most users would never see a page with JS disabled.

@RokeJulianLockhart
Copy link

I agree, then. Seems like a brilliant feature since it means that something indeed has gone wrong, so the worst should be assumed.
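
The rule the thread converges on, sketched as an added example that is not part of the issue or the extension's own code: scripts are blocked only when a signature is expected for the URL and the check did not succeed. The pattern syntax, the status names `valid`/`invalid`/`missing`, the `example.org` hosts and the function names are assumptions, as is the premise that the signature result is known before the response headers are passed on to the page.

```javascript
// Added example; hypothetical names, not the extension's API.
// Constructed preferences: URL patterns for which the user expects a signature.
const expectedPatterns = ["https://app.example.org/*"];

// Turn a simple "*" wildcard pattern into an anchored RegExp.
function patternToRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*") + "$");
}

// True when the user has listed this URL as one that must be signed.
function signatureExpected(url, patterns) {
  return patterns.some((p) => patternToRegExp(p).test(url));
}

// sigStatus is "valid", "invalid" or "missing" (assumed status names).
function shouldDisableScripts(url, sigStatus, patterns) {
  // Pages with no expected signature are left alone, so ordinary
  // unsigned browsing is unaffected.
  if (!signatureExpected(url, patterns)) return false;
  // Fail closed: anything other than a verified signature blocks JS.
  return sigStatus !== "valid";
}

// Headers use the {name, value} shape of the WebExtension webRequest API.
// An additional Content-Security-Policy header can only tighten the
// effective policy, so appending one cannot loosen what the site sent.
function applyPolicy(url, sigStatus, headers, patterns) {
  if (!shouldDisableScripts(url, sigStatus, patterns)) return headers;
  return headers.concat({
    name: "Content-Security-Policy",
    value: "script-src 'none'", // no inline, external or on-load scripts
  });
}

// Constructed sample response for the listed app with its signature missing.
const sample = applyPolicy(
  "https://app.example.org/inbox",
  "missing",
  [{ name: "Content-Type", value: "text/html" }],
  expectedPatterns
);
console.log(sample);
```

With `script-src 'none'` in place, the on-load upload in step 6 of the scenario never executes, which gives the user time to notice the failed check.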
