10.3 Helper applications and plug-ins


10.3    Helper applications and plug-ins

In the early days of the WWW, most browsers could only render and display ASCII and HTML text, as well as images in either the GIF or the JPEG format. While these four data types provided a good basis and starting point for the Web to emerge, there were many kinds of types that couldn t be translated into these data types. Consequently, Web developers had to think about possibilities to extend the ability of browsers to understand, render, and display other data types.

An obvious possibility is the use of so-called helper applications (also known as external viewers ). In short, a helper application is an application program that is run automatically by the Web browser if a data type other than ASCII, HTML, GIF, or JPEG is received. [6] The important thing to note is that the helper application is an application program of its own that also runs in its own address space. As such, helper applications provide a flexible and extensible way through which practically any kind of information can be downloaded, rendered, and displayed.

Motivated by the work that had been done in the field of helper applications, Netscape Communications developed a similar system called plug-ins. [7] In short, a plug-in is a software module that is loaded directly into the address space of the Web browser and is automatically run when a document of a particular data type is downloaded. One of the simplest uses for plug-ins is to replace helper applications. Instead of requiring that data be specially downloaded, saved in a file, and processed by a helper application, the data can be loaded directly into the browser s memory space and processed by the appropriate plug-in. As of this writing, most popular helper applications have been rewritten as plug-ins, including, for example, the Adobe Acrobat reader to display PDF files, the RealAudio player to play sound files, or the Macromedia Shockwave player to play animated video sequences. In either case, plug-ins are manually downloaded by users and usually stored in a specific directory called Plugins . [8] The browser scans the Plugins directory when it starts up to discover what plug-ins are available.

In spite of their advantages in terms of functionality and browser extensibility, helper applications and plug-ins can also be the source of security problems. For example, if a user downloads a helper application or plug-in, he or she should make sure that the software is authentic and has not been tampered with. Consequently, a secure software distribution system, such as BETSI or something conceptually similar, is urgently needed. Also, if a user downloads data that is locally executed by a helper application or plug-in, he or she must make sure that the data is not malicious and does not try to exploit a vulnerability in the execution environment. This is difficult to achieve (to say the least). In general, the more powerful a helper application or plug-in is, the more possibilities an attacker usually has to find and exploit vulnerabilities (and to eventually attack the browser accordingly ).

One of the most powerful application programs is an interpreter for a general-purpose programming language. Given the appropriate input, an interpreter can typically open, read, modify, or delete any file on a computer system. To make things worse , many programming languages allow programs to open network connections, enabling them to scan for vulnerabilities and security loopholes on other computers. Because they are so powerful, interpreters for general-purpose programming languages should never be used or configured as helper applications. 9 This includes Microsoft Word and Excel (unless the macros feature is turned off), since they are both equipped with the Visual Basic scripting language.

Against this background, the following programs should never be used or configured as helper applications:

  • Any other program that includes Microsoft s Visual Basic scripting language;

  • Many other scripting languages, such as Perl, Python, and Tcl/Tk;

  • UNIX shells , such as sh , csh , tcsh;

  • The DOS command shell COMMAND.COM;

  • Any PostScript interpreter other than GhostView. [10]

If somebody configures a browser to automatically run one of these programs as a helper application when a document of a certain MIME type is downloaded, he or she is implicitly trusting the authors of the corresponding Web pages to be friendly with his or her computer. This level of trust may not always be justified and is very dangerous (to say the least).

In 1996, a group of researchers at the University of California at Berkeley developed and piloted a technology to limit the risks of untrusted helper applications in the Solaris operating system [4]. The basic idea is to limit the access that a helper application has to the system calls at the operating system level. They used the term sandboxing to represent the idea that a program can play around in its own confined area, without having access to anything outside. As such, the approach is conceptually similar to the sandbox approach used to secure the execution environment for Java applets (as addressed in Section 10.5).

[6] Parts of this section also apply to user agents for e-mail. In fact, many user agents can be configured to run an application program if data of a specific MIME type is received.

[7] Plug-ins have been developed by Netscape Communications. Although Microsoft Internet Explorer can also run plug-ins, they are deprecated in favor of ActiveX controls.

[8] Most installations of Microsoft Internet Explorer have an empty Plugins directory, mainly because plug-ins are deprecated in favor of ActiveX controls.

[10] Obviously, the same is true for the use and configuration of interpreters for general-purpose programming languages as plug-ins. This is, however, less dangerous because the interpreters would have to be provided as plug-ins.




Security Technologies for the World Wide Web
Security Technologies for the World Wide Web, Second Edition
ISBN: 1580533485
EAN: 2147483647
Year: 2003
Pages: 142
Authors: Rolf Oppliger

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net