Re: Is Firefox a Good Thing?

Andy Green wrote:
> Christopher Aillon wrote:
>
>> The kernel has more vulnerabilities[1] than this user-space application does. Let's reconsider having that in the distro, too.
>
> With respect this is not a good response to my question.  How many
> kernel problems are remote-exploitable?  Does the kernel of itself visit
> random external "scripts" on the Internet and execute what it finds
> there?  No.  But a browser is designed to do such actions.  If we really
> do talk about code of such complexity that "MASSIVE changes which took
> several architects months to perfect, and it STILL caused 10-20
> regressions" it's a lot more frightening to hear that about usermode
> code that exists to go out to a potentially hostile Internet on behalf of
> a logged-in user than it is to hear the same about a kernel where the
> vast bulk of vulns are local only.  Objectively, looking at your
> description of security fixes on the beast, shouldn't people take pause
> at a creature that is so complex and poorly understood, but is our main
> proposed way of interfacing to the good and evil of the external world?

You're grossly overreacting.  If you re-write the way the browser 
interfaces with the JavaScript DOM completely, and only 10-20 bugs 
surface, I'd say you did a pretty damn good job.  The issue and code is 
extremely well understood by those that need to understand it, myself 
included as I discovered and provided a workaround for this issue while 
I interned at Netscape.  As an intern, I just didn't have the time to 
fix it properly, and still don't have time to backport it if I'm 
expected to do all I do as it is.
There's always a potential for security problems when you don't control 
the input you get.
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list