On Sat, 2009-10-31 at 05:51 +0100, Ralf Corsepius wrote:
> On 10/31/2009 05:35 AM, Patrick O'Callaghan wrote:
> > On Sat, 2009-10-31 at 03:52 +0100, Ralf Corsepius wrote:
> >>> Not so. Plugins and extensions don't run in a sandbox in current
> >>> versions of FF. Future versions will be different.
> >>
> >> You don't have to have a sandbox for this. All that would be required
> >> is a bit of more or less sophisticated error handling/signal catching.
> >
> > A semantic quibble.
> No. Error handling is a matter of a program's fundamental design.
> Unfortunately it's a subject many programmers don't take into account.

You're missing the point. FF allows extensions. An extension is a module of code not written by the FF authors, which is dynamically loaded into a running instance of the browser. It is *not possible*, even in theory, to stop such an arbitrary module from wreaking havoc with the rest of the browser unless it a) runs at a lower privilege level, including isolated memory (i.e. a sandbox) or b) runs in a separate process, IOW a sandbox supported by the OS.

It's just like what used to happen on old MS operating systems, e.g. MS-DOS, which didn't support privilege domains. Any user program could halt the system, overwrite files, install a boot virus etc. For "operating system" read "browser", for "user program" read "module", for "halt the system, overwrite files etc." read "crash the browser, leak memory etc." and we have the exact same situation.

> > The point is that the architecture has to be
> > designed to deal with arbitrary behaviour on the part of plugins or
> > extensions and currently it isn't.
> Maybe, I am not familiar with firefox's source code.
>
> Anyway, to me this reads as "firefox" suffers from substantial
> fundamental design flaws :(

Every other browser out there that allows user-loadable modules has the same problem, with the exception of Chrome (and possibly IE8, but I'm sure it has its own problems :-)

poc

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
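The argument in the message above (a module loaded into the host's own process can corrupt or kill the host regardless of how the host handles errors, while OS process isolation contains it), as an added C example that is not part of the thread; the two plugin functions and the `host_state` buffer are constructed stand-ins for a browser and its extensions:

```c
/* Added example, not from the mailing-list thread. A host "loads" an
 * extension via a function pointer, the way a browser loads a module
 * into its own process. In-process, no error handling can see a module
 * that quietly overwrites host memory, and none survives one that takes
 * the process down; a separate process contains both.
 * host_state and the plugin functions are constructed for the demo. */
#include <signal.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static char host_state[16];   /* state the host relies on */

/* Extension that returns normally but corrupts host memory: nothing
 * faults, so a signal handler or error check in the host never fires. */
void corrupting_plugin(void) { strcpy(host_state, "corrupt"); }

/* Extension that takes the whole process down. */
void crashing_plugin(void) { raise(SIGSEGV); }

/* Load the module in-process, as the thread says current FF does.
 * Returns 1 if host_state survived, 0 if the module clobbered it. */
int run_in_process(void (*plugin)(void)) {
    strcpy(host_state, "ok");
    plugin();
    return strcmp(host_state, "ok") == 0;
}

/* Run the module in a child process. The child gets its own copy of
 * the address space, so whatever it does to its host_state, or to
 * itself, cannot reach the parent. Returns 1 if host_state survived
 * and the child exited cleanly, 2 if it survived but the child died
 * (the host can now treat that as "extension failed"), -1 on error. */
int run_out_of_process(void (*plugin)(void)) {
    strcpy(host_state, "ok");
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { plugin(); _exit(0); }          /* child */
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    /* Never taken with fork(); kept so both runners report alike. */
    if (strcmp(host_state, "ok") != 0) return 0;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 1 : 2;
}
```

Running `crashing_plugin` through `run_in_process` is deliberately left out of any test, since it kills the calling process, which is the point being made.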