Re: firefox 3.5.4 broken?

On Sat, 2009-10-31 at 05:51 +0100, Ralf Corsepius wrote:
> On 10/31/2009 05:35 AM, Patrick O'Callaghan wrote:
> > On Sat, 2009-10-31 at 03:52 +0100, Ralf Corsepius wrote:
> >>> Not so. Plugins and extensions don't run in a sandbox in current
> >>> versions of FF. Future versions will be different.
> >>
> >> You don't have to have a sandbox for this. All that would be required
> >> is a bit of more or less sophisticated error handling/signal catching.
> >
> > A semantic quibble.
> No. Error handling is a matter of a program's fundamental design. 
> Unfortunately it's a subject many programmers don't take into account.

You're missing the point. FF allows extensions. An extension is a module
of code not written by the FF authors, which is dynamically loaded into
a running instance of the browser. It is *not possible*, even in theory,
to stop such an arbitrary module from wreaking havoc with the rest of
the browser unless it a) runs at a lower privilege level, including
isolated memory (i.e. a sandbox) or b) runs in a separate process, IOW a
sandbox supported by the OS.

It's just like what used to happen on old MS operating systems, e.g.
MS-DOS, which didn't support privilege domains. Any user program could
halt the system, overwrite files, install a boot virus etc. For
"operating system" read "browser", for "user program" read "module", for
"halt the system, overwrite files etc." read "crash the browser, leak
memory etc." and we have the exact same situation.

> > The point is that the architecture has to be
> > designed to deal with arbitrary behaviour on the part of plugins or
> > extensions and currently it isn't.
> Maybe, I am not familiar with firefox's source-code.
> 
> Anyway, to me this reads as "firefox" suffers from substantial 
> fundamental design flaws :(

Every other browser out there that allows user-loadable modules has the
same problem, with the exception of Chrome (and possibly IE8, but I'm
sure it has its own problems :-)

poc

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
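
An added illustration of the point argued in the message above (not code from the thread or from Firefox): a constructed module is run in a separate process and then in-process, showing that a crash is contained by the process boundary while in-process memory corruption raises no signal at all. All names (`run_isolated`, `crash_module`, `scribble_module`, `host_state`) are hypothetical, and POSIX `fork`/`waitpid` is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

typedef int (*module_fn)(void);

/* Constructed stand-in for browser state that lives in the host's memory. */
char host_state[16] = "bookmarks";

/* Constructed modules: one crashes, one corrupts host memory silently. */
int crash_module(void) {
    volatile uintptr_t addr = 8;          /* unmapped address */
    *(volatile int *)addr = 42;           /* faults */
    return 0;
}
int scribble_module(void) {
    memset(host_state, 'X', sizeof host_state - 1);  /* no signal is raised */
    return 0;
}

/* Run a module in a child process. Returns its exit status (0..255),
 * -signal if it was killed by a signal, or -1000 if fork/waitpid failed. */
int run_isolated(module_fn fn) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1000;
    if (pid == 0) _exit(fn() & 0xff);     /* child works on its own copy of memory */
    if (waitpid(pid, &status, 0) < 0) return -1000;
    return WIFSIGNALED(status) ? -WTERMSIG(status) : WEXITSTATUS(status);
}

int main(void) {
    printf("crash, isolated:      %d\n", run_isolated(crash_module));
    printf("scribble, isolated:   %d, host_state=%s\n",
           run_isolated(scribble_module), host_state);
    scribble_module();                    /* same code loaded in-process */
    printf("scribble, in-process: host_state=%s\n", host_state);
    return 0;
}
```

A negative result from `run_isolated` means the module was killed by a signal while the host kept running; the in-process call overwrites `host_state` with nothing for a signal handler to catch.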
