[pass] Chrome Extension
Stephen Paul Weber
singpolyma at singpolyma.net
Tue Sep 11 21:34:29 CEST 2012
Somebody claiming to be Marcus Breese wrote:
>On Sep 11, 2012, at 12:19 PM, Stephen Paul Weber
><singpolyma at singpolyma.net> wrote:
>> Or is the problem that chrome can't run processes?
>Because Chrome extensions can't shell out to call programs. (Unless they
>are compiled as plugins).
Ah, fine. So they can talk over TCP only and so we need a TCP-speaking
daemon? That could be pretty lightweight in terms of "take a list of
strings, pass them to a command as arguments, return the STDOUT of the
process". In fact, a shell script that took strings on STDIN and then
composed and ran them could be used behind a *inetd-alike to do this.
NOTE: binding to anything other than 0.0.0.0 or running on a multi-user
system (even with a more complex daemon than this) is a GAPING SECURITY
HOLE. I'm not suggesting other do not know this, only that it is very
important to remember :)
--
Stephen Paul Weber, @singpolyma
See <http://singpolyma.net> for how I prefer to be contacted
edition right joseph
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20120911/dd98e507/attachment.asc>
More information about the Password-Store
mailing list