Issue metadata
Sign in to add a comment
|
Update It2Me host to show confirmation prompt for incoming connections. |
||||||||||||||||||||
Issue descriptionCurrently It2Me host can be starts and accepts incoming connection without getting confirmation from the user of their intent to share the host. This needs to be fixed to protect the user in the case some malicious code running in the browser manages to connect to the It2Me native messaging host.
,
Sep 13 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/7cc2c86157e6a02a575ea610339983273de38b85 commit 7cc2c86157e6a02a575ea610339983273de38b85 Author: joedow <joedow@chromium.org> Date: Tue Sep 13 16:05:57 2016 Adding a Confirmation dialog for It2Me on Windows This change adds a confirmation dialog for Windows for the It2Me host. I've also added placeholder files for the other platforms (beyond ChromeOS). This dialog is displayed when the remote user begins the connection process and shows the email address of the remote user and gives the local user a chance to accept/reject the connection. BUG= 645540 Review-Url: https://codereview.chromium.org/2326553003 Cr-Commit-Position: refs/heads/master@{#418261} [modify] https://crrev.com/7cc2c86157e6a02a575ea610339983273de38b85/remoting/BUILD.gn [modify] https://crrev.com/7cc2c86157e6a02a575ea610339983273de38b85/remoting/host/it2me/BUILD.gn [modify] https://crrev.com/7cc2c86157e6a02a575ea610339983273de38b85/remoting/host/it2me/it2me_confirmation_dialog.cc [modify] https://crrev.com/7cc2c86157e6a02a575ea610339983273de38b85/remoting/host/it2me/it2me_confirmation_dialog.h [add] https://crrev.com/7cc2c86157e6a02a575ea610339983273de38b85/remoting/host/it2me/it2me_confirmation_dialog_android.cc [modify] https://crrev.com/7cc2c86157e6a02a575ea610339983273de38b85/remoting/host/it2me/it2me_confirmation_dialog_chromeos.cc [add] https://crrev.com/7cc2c86157e6a02a575ea610339983273de38b85/remoting/host/it2me/it2me_confirmation_dialog_linux.cc [add] https://crrev.com/7cc2c86157e6a02a575ea610339983273de38b85/remoting/host/it2me/it2me_confirmation_dialog_mac.cc [add] https://crrev.com/7cc2c86157e6a02a575ea610339983273de38b85/remoting/host/it2me/it2me_confirmation_dialog_win.cc [modify] https://crrev.com/7cc2c86157e6a02a575ea610339983273de38b85/remoting/host/win/core.rc.jinja2 [modify] https://crrev.com/7cc2c86157e6a02a575ea610339983273de38b85/remoting/host/win/core_resource.h
,
Sep 13 2016
,
Sep 14 2016
,
Sep 14 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/6243fba501529b041abd75c9554157d70bd14d74 commit 6243fba501529b041abd75c9554157d70bd14d74 Author: joedow <joedow@chromium.org> Date: Wed Sep 14 18:13:49 2016 Adding a confirmation dialog for It2Me on Linux This change adds a confirmation dialog for the It2Me Linux host. This dialog will be displayed when an incoming It2Me connection and will wait up to 60 seconds for the user to accept/reject it. If the user accepts the connection then we will complete the conneciton process, otherwise the incoming request will be rejected. BUG= 645540 Review-Url: https://codereview.chromium.org/2343443002 Cr-Commit-Position: refs/heads/master@{#418611} [modify] https://crrev.com/6243fba501529b041abd75c9554157d70bd14d74/build/config/linux/gtk2/BUILD.gn [modify] https://crrev.com/6243fba501529b041abd75c9554157d70bd14d74/remoting/host/it2me/BUILD.gn [modify] https://crrev.com/6243fba501529b041abd75c9554157d70bd14d74/remoting/host/it2me/it2me_confirmation_dialog_linux.cc [modify] https://crrev.com/6243fba501529b041abd75c9554157d70bd14d74/remoting/host/it2me/it2me_confirmation_dialog_win.cc
,
Sep 17 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/04cd71f8de4aea60437b42dfade44087723b771d commit 04cd71f8de4aea60437b42dfade44087723b771d Author: joedow <joedow@chromium.org> Date: Sat Sep 17 01:12:13 2016 Updating the It2Me confirmation dialog message Updating per PM feedback. BUG= 645540 Review-Url: https://codereview.chromium.org/2342313004 Cr-Commit-Position: refs/heads/master@{#419358} [modify] https://crrev.com/04cd71f8de4aea60437b42dfade44087723b771d/remoting/resources/remoting_strings.grd
,
Sep 20 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/873700139f1834cd79da404cc4ceeb5c264b7703 commit 873700139f1834cd79da404cc4ceeb5c264b7703 Author: joedow <joedow@chromium.org> Date: Tue Sep 20 04:09:08 2016 Adding a confirmation dialog for It2Me on Mac This change adds a confirmation dialog for the It2Me Mac host. This dialog will be displayed when an incoming It2Me connection and will wait up to 60 seconds for the user to accept/reject it. If the user accepts the connection then we will complete the conneciton process, otherwise the incoming request will be rejected. BUG= 645540 Review-Url: https://codereview.chromium.org/2344003002 Cr-Commit-Position: refs/heads/master@{#419676} [modify] https://crrev.com/873700139f1834cd79da404cc4ceeb5c264b7703/remoting/host/it2me/BUILD.gn [delete] https://crrev.com/2be0f67dbdb1f6da85fa5d4ca116daffe7da662a/remoting/host/it2me/it2me_confirmation_dialog_mac.cc [add] https://crrev.com/873700139f1834cd79da404cc4ceeb5c264b7703/remoting/host/it2me/it2me_confirmation_dialog_mac.mm
,
Sep 20 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a4829361cdafaa4fe5e5b70b4a786289bb66f97c commit a4829361cdafaa4fe5e5b70b4a786289bb66f97c Author: joedow <joedow@chromium.org> Date: Tue Sep 20 15:47:41 2016 Removing TODO for It2Me Confirmation Dialog Now that the It2Me confirmation dialog has been implemented on all platforms we currently support, we can remove the TODO/workaround which would auto- approve connections for platforms w/o a dialog. Note that Android has an It2Me host implementation but is not currently used so I did not implement a dialog there. I have added a NOTIMPLEMENTED() macro to indicate this if we decide to proceed with it. BUG= 645540 Review-Url: https://codereview.chromium.org/2342393003 Cr-Commit-Position: refs/heads/master@{#419776} [modify] https://crrev.com/a4829361cdafaa4fe5e5b70b4a786289bb66f97c/remoting/host/it2me/BUILD.gn [delete] https://crrev.com/6a18628f8826ebc484f06fcfabcfc3db0dd9d508/remoting/host/it2me/it2me_confirmation_dialog_android.cc [modify] https://crrev.com/a4829361cdafaa4fe5e5b70b4a786289bb66f97c/remoting/host/it2me/it2me_host.cc [modify] https://crrev.com/a4829361cdafaa4fe5e5b70b4a786289bb66f97c/remoting/host/it2me/it2me_host_unittest.cc
,
Sep 20 2016
Done! This is now the default behavior on all supported platforms for It2Me.
,
Sep 20 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/28301222bc5bd0446842bef568587a1b301bd496 commit 28301222bc5bd0446842bef568587a1b301bd496 Author: dewittj <dewittj@chromium.org> Date: Tue Sep 20 16:55:06 2016 Revert of Removing TODO for It2Me Confirmation Dialog (patchset #3 id:40001 of https://codereview.chromium.org/2342393003/ ) Reason for revert: Compile failure see https://build.chromium.org/p/chromium/builders/Android/builds/62438/ FAILED: libremoting_host_jni.so libremoting_host_jni.so.TOC lib.unstripped/libremoting_host_jni.so python "/b/c/b/Android/src/build/toolchain/gcc_solink_wrapper.py" --readelf="../../third_party/android_tools/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin/arm-linux-androideabi-readelf" --nm="../../third_party/android_tools/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin/arm-linux-androideabi-nm" --strip=../../third_party/android_tools/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin/arm-linux-androideabi-strip --sofile="./lib.unstripped/libremoting_host_jni.so" --tocfile="./libremoting_host_jni.so.TOC" --output="./libremoting_host_jni.so" -- ../../third_party/android_tools/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin/arm-linux-androideabi-g++ -shared -Wl,--fatal-warnings -fPIC -Wl,-z,noexecstack -Wl,-z,now -Wl,-z,relro -Wl,-z,defs -Wl,--as-needed -fuse-ld=gold -Wl,--icf=all -Wl,--build-id=sha1 -Wl,--no-undefined -Wl,--exclude-libs=libgcc.a -Wl,--exclude-libs=libc++_static.a -Wl,--exclude-libs=libvpx_assembly_arm.a -Wl,--warn-shared-textrel -Wl,-O1 -Wl,--gc-sections -nostdlib -Wl,--warn-shared-textrel --sysroot=../../third_party/android_tools/ndk/platforms/android-16/arch-arm -Wl,--version-script=/b/c/b/Android/src/build/android/android_no_jni_exports.lst -Wl,-wrap,calloc -Wl,-wrap,free -Wl,-wrap,malloc -Wl,-wrap,memalign -Wl,-wrap,posix_memalign -Wl,-wrap,pvalloc -Wl,-wrap,realloc -Wl,-wrap,valloc -L../../third_party/android_tools/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a -o "./lib.unstripped/libremoting_host_jni.so" -Wl,-soname="libremoting_host_jni.so" @"./libremoting_host_jni.so.rsp" obj/remoting/host/it2me/common/it2me_confirmation_dialog.o:it2me_confirmation_dialog.cc:vtable for remoting::It2MeConfirmationDialogFactory: error: undefined reference to 'remoting::It2MeConfirmationDialogFactory::Create()' collect2: error: ld returned 1 exit status Original issue's description: > Removing TODO for It2Me Confirmation Dialog > > Now that the It2Me confirmation dialog has been implemented on all platforms > we currently support, we can remove the TODO/workaround which would auto- > approve connections for platforms w/o a dialog. Note that Android has an > It2Me host implementation but is not currently used so I did not implement > a dialog there. I have added a NOTIMPLEMENTED() macro to indicate this if we > decide to proceed with it. > > BUG= 645540 > > Committed: https://crrev.com/a4829361cdafaa4fe5e5b70b4a786289bb66f97c > Cr-Commit-Position: refs/heads/master@{#419776} TBR=sergeyu@chromium.org,jamiewalch@chromium.org,joedow@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG= 645540 Review-Url: https://codereview.chromium.org/2352123002 Cr-Commit-Position: refs/heads/master@{#419791} [modify] https://crrev.com/28301222bc5bd0446842bef568587a1b301bd496/remoting/host/it2me/BUILD.gn [add] https://crrev.com/28301222bc5bd0446842bef568587a1b301bd496/remoting/host/it2me/it2me_confirmation_dialog_android.cc [modify] https://crrev.com/28301222bc5bd0446842bef568587a1b301bd496/remoting/host/it2me/it2me_host.cc [modify] https://crrev.com/28301222bc5bd0446842bef568587a1b301bd496/remoting/host/it2me/it2me_host_unittest.cc
,
Sep 20 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1015b508f2699cd15bf917a12e2077cdfcb52996 commit 1015b508f2699cd15bf917a12e2077cdfcb52996 Author: joedow <joedow@chromium.org> Date: Tue Sep 20 18:16:38 2016 Removing TODO for It2Me Confirmation Dialog Now that the It2Me confirmation dialog has been implemented on all platforms we currently support, we can remove the TODO/workaround which would auto- approve connections for platforms w/o a dialog. Note that Android has an It2Me host implementation but is not currently used so I did not implement a dialog there. I have added a NOTIMPLEMENTED() macro to indicate this if we decide to proceed with it. BUG= 645540 Committed: https://crrev.com/a4829361cdafaa4fe5e5b70b4a786289bb66f97c Review-Url: https://codereview.chromium.org/2342393003 Cr-Original-Commit-Position: refs/heads/master@{#419776} Cr-Commit-Position: refs/heads/master@{#419814} [modify] https://crrev.com/1015b508f2699cd15bf917a12e2077cdfcb52996/remoting/host/it2me/it2me_confirmation_dialog_android.cc [modify] https://crrev.com/1015b508f2699cd15bf917a12e2077cdfcb52996/remoting/host/it2me/it2me_host.cc [modify] https://crrev.com/1015b508f2699cd15bf917a12e2077cdfcb52996/remoting/host/it2me/it2me_host_unittest.cc
,
Sep 21 2016
Host now receives a prompt after client enters remote access code. Verified in 55.0.2867.0
,
Oct 1 2016
,
Nov 29 2016
,
Dec 28 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by sergeyu@chromium.org
, Sep 9 2016