[icedtea-web] "Not All Signed" dialog and low-security setting

Jiri Vanek jvanek at redhat.com
Tue Dec 3 08:04:29 PST 2013 

On 11/12/2013 05:12 PM, Andrew Azores wrote:
> On 11/10/2013 05:57 AM, Jiri Vanek wrote:
>> On 11/07/2013 08:47 PM, Andrew Azores wrote:
>>> Hi,
>>>
>>> Should the "Not All Signed" dialog (SecurityDialogs.showNotAllSignedWarningDialog(JNLPFile)) still appear when extended applet security is set to "low?" This can happen with signed applets with external main-classes, or applets with mixed signing. To me it seems like it should not appear when running one of these applets on low security. Changing this behaviour would also make it possible for me to add a reproducer for the recent signed applet with external main-class fix (PR1513).
>>>
>>> Thanks,
>>
>> One dialogue is definitely enough. If "not all signed" dialogue appear, then no extended applet security dialog should occur (not depending on actual settings)
>
> Should the "Not All Signed" really be overpowering the other standard dialogs, eg the unsigned applet warning? If we only show the Not All Signed and skip the other extended security dialogs then the user misses out on some information, eg the applet name/location (u45 manifest attributes!), and misses the option to trust the publisher in the future or not. I suppose Not All Signed could be made into a new dialog of the same type as the signed/unsigned confirmation dialogs, but as it is, I don't think it's a suitable replacement for them.
>
> My other question however was what to do when set to not prompt to run applets, aka set security to low in itweb-settings. The "Not All Signed" dialog will still appear in this kind of situation, which breaks our testing if any reproducer meets the criteria for "Not All Signed", as the dialog will appear and require the user to approve it.
>
> The attached patch simply causes the dialog to not appear when security is set to Low and/or -Xtrustall is used. It might be more suitable to move this logic into the dialog itself, but to me it also seemed out of place to put it there.
>
> Thanks,
>

This seems to be included in current version of "Re: [rfc][icedtea-web] Mixed-signing applet permissions (PR1592)" however seems to be not working.

As you suggested - the "not signed app is running" dialogue should not be showing - but is.
However -  this still needs some tweaking:
    the "only part of application is signed" dialogue is really dummy -  information of codebases/page pase (both for signed and unsigned part), signature details... run, run in sandbox, not run, remember decsission and so on are missing. Those information are critical for user to be able to decide.
After "Re: [rfc][icedtea-web] Mixed-signing applet permissions (PR1592)" is in (as I'm going to aprove it now) this dialogue tweeking will be blocker of 1.5 release, as it needs to be done right.

J.

More information about the distro-pkg-dev mailing list