noscripter / nssecurity Goto Github PK
View Code? Open in Web Editor NEWThis project forked from taviso/nssecurity
Netscape Plugin Security
License: Apache License 2.0
This project forked from taviso/nssecurity
Netscape Plugin Security
License: Apache License 2.0
Introduction -------------------------------- This is a NPAPI plugin intended to intercept the loading of other plugins and apply simple policy decisions. The intention is to allow enterprise administrators to deploy deprecated, unreliable or unsafe third party plugins while minimising the security exposure. The plugin works by proxying api calls from the browser to all the configured plugins and inserting small shims that verify that the administrative policy is enforced. Plugins are configured in a single global configuration file, and all the relevant information is forwarded to the browser (MIME Types, Extensions, Etc.). You can think of this as a xinetd for browser plugins. http://code.google.com/p/nssecurity Configuration -------------------------------- All configuration happens in the file /etc/nssecurity.ini, intended to be manageable by cfengine, puppet, or other similar tools. The format is described in the sample configuration file included. The most basic policy decision is a domain whitelist. For example, by creating a configuration like this: [Third Party Plugin] LoadPlugin=/usr/lib/thirdparty/plugin.so AllowDomains=*.corp.megacorp.com,*.lan Or on Apple systems, which use directory bundles called .plugin instead of shared objects: [Third Party Plugin] LoadPlugin=/Library/Third Party Plug-Ins/BrowserThing.plugin AllowDomains=*.corp.megacorp.com,*.lan Now the plugin can only be instantiated by the domains listed. By default, the plugins must be loaded over https, as this is the only way to have any confidence the domain being reported by the browser is accurate. However, you can disable the protocol checks like so if you really need it: [Third Party Plugin] LoadPlugin=/usr/lib/thirdparty/plugin.so AllowDomains=*.corp.megacorp.com,*.lan AllowInsecure=1 Currently supported directives are as follows: AllowInsecure Do not require https for domains listed in AllowDomains (not recommended). FriendlyWarning Optional message displayed to user when a plugin is disallowed, can be specified in [Global], or per-plugin LoadPlugin Filename of a plugin you want wrapped with the security wrapper. AllowedDomains List of domains you want to allow to load this plugin, these are matched using the format described in fnmatch(3). PluginDescription Description displayed by the browser when a user looks at about:plugins (Linux Only, Apple use the Contents of Info.plist) There should be one [Global] section, containing default options, followed by an arbitrary number of plugin specific sections. The name of each new section is not important, but is displayed in some debugging message, so make it meaningful. Each plugin section requires a LoadPlugin, directive. Everything else is optional. Debugging -------------------------------- I find these commands useful when debugging. $ google-chrome --user-data-dir=/tmp --plugin-launcher='xterm -e gdb -ex r --args' $ google-chrome --user-data-dir=/tmp --plugin-launcher='xterm -hold -e valgrind' $ make EXTRA_CPPFLAGS="-UNDEBUG -DENABLE_RUNTIME_TESTS" EXTRA_CFLAGS="-ggdb3 -O0"
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.