
Security considerations

Open zcorpan opened this issue 3 years ago • 1 comments

From the ARIA-AT automation meeting on March 14, 2022: w3c/aria-at-automation#17 (minutes)

Allowing automation of screen readers is not without security concerns, as it can effectively allow universal XSS in the browser, or even allow any input in the OS and access to things that apps normally don't have access to (e.g. the login screen).

In CI, there are also security risks, but different to a local setup. Some CI systems today disable macOS SIP (System Integrity Protection), which makes it possible to programmatically turn on VoiceOver.

Ideas:

  • Require some form of opt-in to enable automation
  • Don't allow HID-level input to be simulated
  • Use some kind of sandbox in automated mode to limit access
  • Use sessions

cc @cookiecrook @mcking65 @s3ththompson

zcorpan, Apr 05 '22 11:04

Don't allow HID-level input to be simulated

This would allow privilege escalation since screen readers usually have more privilege than other apps (e.g. browsers).

zcorpan, Sep 26 '22 20:09