cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shazron <>
Subject Re: Plugin Install Hooks
Date Mon, 09 Feb 2015 21:21:17 GMT
We did discuss this, and we rejected:
1. Having a prompt
2. Sandboxing

Check out the discussion, for reasons:

On Mon, Feb 9, 2015 at 8:28 AM, Horn, Julian C <> wrote:
> We have identified a security issue with the recently added feature of install-time plugin
> As far as I can tell, there is nothing that prevents creation of a plugin with a malicious
install-time hook script.  Adding that plugin to a project could corrupt the user's host machine.
 If that project using that plugin is submitted to a build server, then the build server could
be corrupted.
> Yes, you can use lower level plugman scripts to fetch plugins and then pre-scan them
for install time hooks and track down all the dependencies and scan them too.  So this is
fixable (on a build server), but it's a lot of extra work; "cordova plugin add" should not
be an unsafe operation.
> I propose that the CLI should check to see if a plugin requires an install-time hook
and require the user to explicitly grant permission before executing the install hook.  A
build server would always deny permission.
> Is there something I'm missing here?
>     Julian

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message