Gathered Notes on WebGL

Browser makers hope WebGL will remake 3D [2009 Dec 17]

An early introduction of the technology and promise.

WebGL - A New Dimension for Browser Exploitation [2011 Jun 11]

From Context, ‘an independent information security consultancy’:
This gives a medium level description of the technology. It distinguishes between user mode and ‘kernel mode’. It fails to describe what I presume to be a card vendor supplied compiler to transform web-site supplied ‘programs’ binary programs of a vendor proprietary format. It mentions the ‘same-origin policy’ and that it of a perhaps obsolete style of security. It gives enough detail to become aware of several sorts of potential vulnerability, depending on the reader’s background.

Writing about these issues is difficult. Quote:

For example it is perfectly acceptable to embed an image from outside of your domain because the underlying APIs never gave you a mechanism to read the actual content (outside of image dimensions, and an indication of success or failure to load). It is not clear who the word ‘your’ above refers to. I presume it is the author of the first web site. It would be well to list the stake holders and give them names. The particular protection under discussion here is when one site presents a page P to the browser and P directs the browser to include content, S, from another site in a sub-area of the screen space allocated to P. To propose that S should be concealed from the author of P implies that there is information that would be inaccessible to the author of P by merely fetching the URL by which P denotes S. This may arise when the browser’s network connection conveys more authority than any connection available to P’s author which may arise when the browser is behind a firewall. It may also arise when cookies from the user’s machine are presented to the site for S.

These are confusing issues and WebGL confounds them but it is not clear to me whether it not the earlier web protection notions that are to blame. The security issues of such image subsetting cannot be divorced from the issue of how the user knows which pixels are from which site, and what query by P provoked S to say what it said. Is there any useful security here for WebGL to preserve?

WebGL Considered Harmful [2011 Jun ?]

I think this is the first negative missive from MS on WebGL security.

Cross-domain WebGL textures disabled in Firefox 5 [2011 Jun 8]

Response from Firefox disables a feature to eliminate a covert channel.

Microsoft refuses to endorse WebGL, labels it ‘harmful’ [2011 Jun 11]

I read the above indirect report from Microsoft. I agree with the security conclusions presuming that the facts reported therein are correct. I am pleasantly surprised.

Is Silverlight as bad?[2011 Jun 22]

sounds plausible.

WebGL — More WebGL Security Flaws [2011 Jun 16]

More from Context

blog post on Thursday [2011 Jun 16]

The above is a subsequent comment which mischaracterizes the prior paper by saying that MS said ‘Browser support for WebGL directly exposes hardware functionality to the web in a way that we consider to be overly permissive’. Actually they said that

Why Microsoft and Internet Explorer need WebGL (and vice-versa) [2011 Jun 16]

Warning: mostly rant below
This is from someone from MS saying there is not much to worry about. Quote: ‘Are we going to ban downloaded games because they might, in some universe of possibilities, harm our computer or cause us to, God forbid, reboot?’
Well give the user the option of such a ban. My understanding of the Chrome and Firefox support of WebGL is that it presumes that the user knows before he clicks on a link whether there is malicious WebGL in the target page.
Quote: ‘They are, after all, native code with hardware access that could run malicious operations, perform disk writes, read your personal data and plant viruses.’
Ahh I though so. MS, or at least someone there, believes that any machine code running on my machine can write anywhere on the disk. It is as if he had not heard of user mode. Just because such code can do so in Windows does not mean that untrusted machine code must be banned from any PC. Actually I think that even Windows manages to protect some places on the disk from malicious machine code, just not my files.
It seems that someone at MS knows the difference.

Khronos

Security

I have skimmed this note. It is intelligently written and addresses real security issues. The beef that I have is not that they are doing a poor job, but they are doing a very difficult job and may fail for that reason. Their approach is security thru language design which is difficult. That their language does not have pointers may help. I am not yet certain that it is hopeless, but I lean that way.

Fatal Page

This is a page from Khronos which illustrates a denial of service problem. On my Mac it hangs so that ‘Force Quit’ is unresponsive. The cursor continues to move but that is the only response that I can see. Even the power switch seemed to take extra time, but still only a few seconds.

Mac OS X 10.6.7
NVIDIA GeForce 320M
Revision ID: 0x00a2
ROM Revision:	3533

Conformance tests

A WebGL standards Conformance test from Khronos
It includes conformance with deterministic portions of standard.

to turn off WebGL in FireFox
For Safari on Mac try “defaults read com.apple.Safari”
a WebGL sample, if you dare
good article