
It could be named "A rather unfortunate architectural decision that can make browsers write keys in plaintext without users explicitly enabling it" but that would be a little verbose. A malicious program can add a SSLKEYLOGFILE environment variable (if it's not systemwide, it doesn't need root privileges for that).

I guess we can haggle over whether or not this meets the "definition" of a backdoor. "Can give unrestricted access to encryption keys" is a backdoor in my book, but I'm not a fan of taxonomy, the retarded child of sciences :).

I can understand why this... um, this feature, would be useful in developer builds. Why it's present in anything that is shipped to users is beyond my ability to comprehend. It should be behind an ENABLE_DANGEROUS_PLAINTEXT_LOGGING switch that is off by default. What's the thought process by which someone decides giving this to users is a good idea? Is there something I'm missing here?




If the attacker can add an environment variable, they can add a command-line switch or about:config value or modify my firefox binary or install an addon that saves my password fields.


If I carelessly execute ~/Downloads/some-binary, my environment variables and config settings are now suspect, while overwriting my firefox binary requires root access.

As such, having the browser loudly warn (irrespective of settings) about such unsafe defaults is still vastly better.


> As such, having the browser loudly warn (irrespective of settings) about such unsafe defaults is still vastly better.

Yes. Loudly. As in "surrounds entire window with a red frame with INSECURE TEST MODE ENABLED", not as in "pops up notification that quietly fades out".


But poisoning your Firefox binary does not require root access. Just preload what you want.


While technically true, that did not prevent Shellshock from being a big deal.


Shellshock was a big deal because the attacker only needed to control the value of an environment variable, not its name. There are many vectors to provide a string that will end up stored in some environment variable, far fewer that will allow you to specify a particular name/value pair.
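
A defender's check for the condition this thread discusses, as an added example that is not part of any comment above: it scans Linux process environments for SSLKEYLOGFILE and for LD_PRELOAD (the "preload" reply). The function names and the sample blob in the comments are constructed for illustration; note that /proc/<pid>/environ shows the environment a process was started with.

```python
import os

# Variables raised in the thread: SSLKEYLOGFILE (TLS key logging) and
# LD_PRELOAD (loading extra code into the browser without touching its binary).
WATCHED = ("SSLKEYLOGFILE", "LD_PRELOAD")


def parse_environ(blob: bytes) -> dict:
    """Parse a /proc/<pid>/environ blob: NUL-separated NAME=value entries."""
    env = {}
    for entry in blob.split(b"\0"):
        name, sep, value = entry.partition(b"=")
        if sep and name:  # skip empty or malformed entries
            env[name.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env


def findings(blob: bytes, watched=WATCHED) -> dict:
    """Return the watched variables that are set to a non-empty value."""
    env = parse_environ(blob)
    return {name: env[name] for name in watched if env.get(name)}


def scan_proc(proc: str = "/proc") -> list:
    """Return (pid, command, findings) for every readable process with a hit."""
    hits = []
    if not os.path.isdir(proc):  # not Linux, or procfs not mounted
        return hits
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/environ", "rb") as f:
                found = findings(f.read())
            with open(f"{proc}/{pid}/comm") as f:
                comm = f.read().strip()
        except OSError:
            continue  # process exited, or it belongs to another user
        if found:
            hits.append((int(pid), comm, found))
    return hits


if __name__ == "__main__":
    # Constructed example of what a hit looks like:
    #   findings(b"HOME=/home/alice\0SSLKEYLOGFILE=/tmp/.k\0")
    for pid, comm, found in scan_proc():
        for name, value in found.items():
            print(f"pid={pid} comm={comm} {name}={value}")
```

Run it as the user whose session you are auditing; as an unprivileged user it only sees that user's own processes, which is also the scope in which a non-root program could have set the variable.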



