undefined | Better HN

0 pointsroustem10y ago0 comments

Unfortunately, there is no way for browser extensions to create Unix sockets,

Also, code signing would prevent anyone from modifying the binaries to change the IP address.

0 comments

But even if they could, UNIX domain sockets aren't immune to attacks. That sort of the problem with "First, assume your machine has been pwn'd".

kazinator10y ago

Yes; if we assume the machine has been pwned, then whatever we can still trust is anywhere else but in that machine. At best we can come up with ways to securely smuggle bits through the pwned machine between two trusted endpoints; but we cannot manipulate any secrets on that machine.

(Trusted computing relies on some tamper-resistant core of the machine not being pwned when the rest of it is pwned.)

kazinator10y ago

Indeed, it would be particularly amazing if a browser extension did that on Windows. :)

j / k navigate · click thread line to collapse

0 pointsroustem10y ago0 comments

Unfortunately, there is no way for browser extensions to create Unix sockets,

Also, code signing would prevent anyone from modifying the binaries to change the IP address.

0 comments

julie7878710y ago

But even if they could, UNIX domain sockets aren't immune to attacks. That sort of the problem with "First, assume your machine has been pwn'd".

kazinator10y ago

(Trusted computing relies on some tamper-resistant core of the machine not being pwned when the rest of it is pwned.)

kazinator10y ago

Indeed, it would be particularly amazing if a browser extension did that on Windows. :)

j / k navigate · click thread line to collapse