Lack of permission checks in the Electron application #5118

Closed
ManuGowda opened this issue Jun 26, 2023 · 0 comments

Description

The code does not use the `setPermissionRequestHandler` function to prevent the renderer from accessing systems such as the webcam and the notification system.

As specified in Electron’s documentation: By default, Electron will automatically approve all permission requests unless the developer has manually configured a custom handler. While a solid default, security-conscious developers might want to assume the very opposite.

This is the opposite of a browser such as Chrome, which asks the user for permission. In lisk-desktop this is not the case, and it may allow an attacker who can inject JavaScript in the application to silently record audio and video.

Reference

https://www.electronjs.org/docs/latest/tutorial/security#5-handle-session-permission-requests-from-remote-content
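
A deny-by-default handler of the kind the issue asks for, as an added example that is not lisk-desktop's code or the eventual fix. The names `isPermissionAllowed`, `installPermissionPolicy` and `EMPTY_POLICY` are hypothetical, and the allowlist contents are an assumption, since the issue does not say which permissions the application legitimately needs.

```javascript
// Added example: deny-by-default permission policy for an Electron session.
// Assumption: the policy is an object mapping an exact origin to the list of
// permissions it may use; an empty object denies everything.

// Decide whether `permission` may be granted to the page at `url`.
function isPermissionAllowed(policy, url, permission) {
  let origin;
  try {
    origin = new URL(url).origin;
  } catch {
    return false; // empty or unparsable URL: deny
  }
  // Opaque origins (file:, data:, about:blank) serialize to "null": deny.
  if (origin === 'null') return false;
  const allowed = Object.prototype.hasOwnProperty.call(policy, origin)
    ? policy[origin]
    : [];
  return allowed.includes(permission);
}

// Install both handlers on an Electron Session, for example
// session.defaultSession once the app is ready. Without them Electron
// approves every request (webcam, microphone, notifications, ...).
function installPermissionPolicy(ses, policy, log = console.warn) {
  // Asynchronous requests such as getUserMedia or Notification.requestPermission.
  ses.setPermissionRequestHandler((webContents, permission, callback, details) => {
    const url = (details && details.requestingUrl) ||
      (webContents ? webContents.getURL() : '');
    const ok = isPermissionAllowed(policy, url, permission);
    if (!ok) log(`denied permission request: ${permission} from ${url}`);
    callback(ok);
  });
  // Synchronous checks such as navigator.permissions.query.
  ses.setPermissionCheckHandler((webContents, permission, requestingOrigin) =>
    isPermissionAllowed(policy, requestingOrigin, permission));
}

// Deny-all policy: the safe starting point until a need is identified.
const EMPTY_POLICY = Object.freeze({});
```

In the main process this would be called as `installPermissionPolicy(session.defaultSession, EMPTY_POLICY)`; the denial log line gives a signal to alert on if injected script ever asks for media access.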
