On Wed, Oct 5, 2011 at 12:08 PM, Benoit Jacob <firstname.lastname@example.org> wrote:
On 05/10/11 02:38 PM, Mo, Zhenyao wrote:
I wrote up drafts for two possible WebGL extensions:
WEBGL_debug_shaders exposes the translated shader source.
WEBGL_debug_gpu_info exposes the unmasked VENDOR and RENDERER
from underlying graphics driver.
I believe these two extensions provide important information to
developers. However, as stated in the drafts, both extensions should
only be available to privileged code in a browser, not the regular
content due to user privacy concerns.
I'm OK with the two extensions as currently drafted; just a couple
* WEBGL_debug_gpu_info might be better named
WEBGL_debug_renderer_info (or see below,
WEBGL_privileged_renderer_info)? Also, it says that that info
should not be exposed to unprivileged content, so should the WebGL
spec also be updated to be consistent with that? Currently the WebGL
spec does not mention the concern about these strings. Also, I
wonder if PRIVILEGED would be a better word than UNMASKED, so it
would tell in a more explicit and neutral way what the difference is
with the current strings from the spec. Similarly, the extension
might be better named WEBGL_privileged_renderer_info?
* WEBGL_debug_shaders might not be a specific enough name? How
about WEBGL_get_translated_shader_source or some such. The text
says that this should not be exposed to unprivileged content because
this could be used to identify the GPU. Personally, my concern is a
bit different. I'm not that much concerned about this particular
privacy issue as it doesn't seem to expose a lot more information
than we already expose (through getShaderInfoLog + getParameter + UA
string), and doesn't make it more convenient to obtain. What I'm
more concerned with is that it exposes precisely which workarounds
we use, so if an attacker was fuzzing our ANGLE workarounds to find
corner cases where we miss a workaround, that could be handy.
How is that any different from today? If an attacker wants to find out
which workarounds we use, at least for Firefox and Chrome they can just
download the source and find out. Yes this makes it slightly easier,
they don't have to compile themselves and add a single printf, but it
doesn't expose anything they couldn't already get.