
Re: [Public WebGL] about the VENDOR, RENDERER, and VERSION strings



On Mon, Nov 29, 2010 at 10:52 AM, Thatcher Ulrich <tu@tulrich.com> wrote:
> On Mon, Nov 29, 2010 at 7:19 PM, Vangelis Kokkevis <vangelis@google.com> wrote:
>>
>>
>> On Mon, Nov 29, 2010 at 9:26 AM, Thatcher Ulrich <tu@tulrich.com> wrote:
>>>
>>> On Mon, Nov 29, 2010 at 5:19 PM, Benoit Jacob <bjacob@mozilla.com> wrote:
>>> > ----- Original Message -----
>>> >> Is there really any significant benefit in hiding the true
>>> >> information?
>>> >
>>> > It's a matter of taste or a political question, but some people do care
>>> > about anonymity and/or privacy and will frown if WebGL does poorly in this
>>> > respect.
>>>
>>> Yeah, I think this comes down to balancing a small amount of
>>> information disclosure, vs. the benefit of apps having access to that
>>> info.
>>
>> Unfortunately, that small amount of additional information could be enough
>> for a larger-scale targeted attack. As it was recently pointed out to me by
>> a security engineer, large corporations (which tend to make good targets)
>> typically deploy very uniform hardware inside their private networks (same
>> GPUs and driver versions).  If a vulnerability is discovered and the
>> underlying hardware could be sniffed, you're opening up a sizeable security
>> hole in an attractive target.
>> I do share the desire to be able to adjust WebGL content based on the
>> hardware capabilities but I think security implications need to take
>> priority, at least at this early stage.
>
> That doesn't hold water.  An exploit is not going to need the info in
> the RENDERER string.  It can just go ahead and try to exploit.

That's an excellent point. I think that eliminates the argument for
hiding this information for security reasons.

> The valid concern (as far as I can tell) is around disclosing
> information that might be used to identify a user; i.e. privacy.

Perhaps I'm insensitive to this issue but I think the benefits of
having slightly more information about the renderer, vendor and
version, in particular when debugging, greatly outweigh the
information leakage about the user and his/her machine.

-Ken

> -T
>
>>
>> Vangelis
>>
>>>
>>> For example, webgl-bench outputs the following (from page at
>>> http://webgl-bench.googlecode.com/svn/trunk/js/index.html):
>>>
>>> userAgent = Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US)
>>> AppleWebKit/534.8 (KHTML, like Gecko) Chrome/7.0.526.0 Safari/534.8
>>> gl.VERSION = OpenGL ES 2.0 Chromium
>>> gl.VENDOR = NVIDIA Corporation
>>> gl.RENDERER = NVIDIA GeForce GT 330M OpenGL Engine
>>> gl.SHADING_LANGUAGE_VERSION = OpenGL ES GLSL ES 1.0 Chromium
>>> ...
>>>
>>> The userAgent contains my PC's OS + version and browser version, while
>>> gl.RENDERER gives the make and model of my video card.
>>>
>>> So the gl.RENDERER does reveal slightly more about me than just the
>>> userAgent.  Personally it does not seem like a problem to me (it seems
>>> like there are much more effective ways for web pages to identify me)
>>> but this is not my area of expertise.
>>>
>>> The info will be absolutely invaluable to some webgl apps (probably
>>> the more elaborate ones).  I liken it to userAgent -- in an ideal
>>> world, nobody would ever need to sniff userAgent, but in the real
>>> world it is sometimes crucial.  For 3D, the variability of hardware
>>> speed is large, even assuming perfect feature parity.
>>>
>>> -T
>>> -----------------------------------------------------------
>>> You are currently subscribed to public_webgl@khronos.org.
>>> To unsubscribe, send an email to majordomo@khronos.org with
>>> the following command in the body of your email:
>>>
>>
>>
>
