Security
This page is designed to explain the high-level concepts and security features at the core of Tauri's design and ecosystem that make you, your applications and your users more secure by default.
It also includes advice on best practices, how to report vulnerabilities to us and references to detailed concept explanations.
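Trust Boundaries
Trust boundary is a term used in computer science and security to describe a boundary where program data or execution changes its level of "trust", or where two principals with different capabilities exchange data or commands. [1]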
Tauri's security model differentiates between Rust code written for the application's core and frontend code written in any framework or language understood by the system WebView.
Inspecting and strongly defining all data passed between boundaries is very important to prevent trust boundary violations. If data is passed between these boundaries without access control, it is easy for attackers to elevate and abuse privileges.
The IPC layer is the bridge for communication between these two trust groups and ensures that boundaries are not broken.
Any code executed by the plugins or the application core has full access to all available system resources and is not constrained.
Any code executed in the WebView can access exposed system resources only through the well-defined IPC layer. Access to core application commands is configured and restricted by capabilities defined in the application configuration. The individual command implementations enforce the optional fine-grained access levels that are also defined in the capabilities configuration.
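A minimal model of the boundary check described above, added here as an illustration; it is not Tauri's own code or API. The `Capability` struct, the `authorize` function, the window labels, the command name and the `/appdata` scope are all hypothetical, and paths are assumed to be Unix-style.

```rust
use std::path::{Component, Path, PathBuf};

// Hypothetical model of a capability: windows it applies to, commands it
// grants, and the directory scope allowed for file arguments.
struct Capability {
    windows: &'static [&'static str],
    commands: &'static [&'static str],
    scope: &'static str,
}

#[derive(Debug, PartialEq)]
enum Denied { NoCapability, OutOfScope }

// Constructed policy: only the "main" window may read files under /appdata.
const CAPS: &[Capability] = &[Capability {
    windows: &["main"],
    commands: &["read_text_file"],
    scope: "/appdata",
}];

// Lexical normalisation of an untrusted path: relative or `..` means reject.
fn normalise(raw: &str) -> Option<PathBuf> {
    let mut out = PathBuf::new();
    for c in Path::new(raw).components() {
        match c {
            Component::ParentDir => return None,
            Component::CurDir => {}
            other => out.push(other.as_os_str()),
        }
    }
    if out.has_root() { Some(out) } else { None }
}

// Core-side check applied to every request that arrives from a WebView.
fn authorize(window: &str, command: &str, raw_path: &str) -> Result<PathBuf, Denied> {
    // Deny by default: the window needs a capability granting this command.
    let cap = CAPS.iter()
        .find(|c| c.windows.contains(&window) && c.commands.contains(&command))
        .ok_or(Denied::NoCapability)?;
    // Scope check is component-wise, so "/appdata-evil" does not match.
    match normalise(raw_path) {
        Some(p) if p.starts_with(cap.scope) => Ok(p),
        _ => Err(Denied::OutOfScope),
    }
}

fn main() {
    println!("{:?}", authorize("main", "read_text_file", "/appdata/notes.txt"));
    println!("{:?}", authorize("settings", "read_text_file", "/appdata/notes.txt"));
}
```

The check is purely lexical: it does not resolve symlinks, so a real implementation would also need to canonicalise the path before opening it.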
Learn more about the individual components and boundary enforcement:
Tauri allows developers to choose their own frontend stack and framework. This means that we cannot provide a hardening guide for every frontend stack of choice, but Tauri provides generic features to control and contain the attack surface.
(Not) Bundling WebViews
Tauri's approach is to rely on the operating system WebView rather than bundling the WebView into the application binary.
There are a multitude of reasons for this, but from a security perspective the most important one is the average time it takes from publication of a security-patched version of a WebView to its rollout to the application end user.
We have observed that WebView package maintainers and operating system package maintainers are on average significantly faster to patch and roll out security-patched WebView releases than application developers who bundle the WebView directly with their application.
There are exceptions to this observation, and in theory both paths can be taken in a similar time frame, but this involves a larger infrastructure overhead for each application.
Bundling has its drawbacks from a Tauri application developer experience perspective, and we do not think it is inherently insecure, but the current design is a trade-off that significantly reduces known vulnerabilities in the wild.
Ecosystem
The Tauri organization provides and maintains more than just the Tauri repository, and to ensure we provide a reasonably secure multi-platform application framework, we make sure to go the extra mile.
To learn more about how we secure our development process, what you could adapt and implement, what known threats your application can face and what we plan to improve or harden in the future, you can check out the following documents:
Coordinated Disclosure
If you feel that there is a security concern or issue with anything in Tauri or other repositories in our organization, please do not publicly comment on your findings. Instead, reach out directly to our security team.
The preferred disclosure method is via GitHub Vulnerability Disclosure on the affected repository. Most of our repositories have this feature enabled, but if in doubt please submit via the Tauri repository.
Alternatively, you can contact us via email at: security@tauri.app.
Although we do not currently have a budget for security bounties, in some cases we will consider rewarding coordinated disclosure with our limited resources.