Posted Jul 24, 2009 12:28 UTC (Fri) by spender (subscriber, #23067)
In reply to: Which is which by nix
Parent article: Quotes of the week
The reason you don't notice me howling about FF is the same reason you don't notice me howling about filesystem code. I talk only about what I know (you should try it sometime).
BTW, you are aware that protections implemented in the kernel affect the exploitability of some issues in all software, including FF, right?
Posted Jul 24, 2009 20:37 UTC (Fri) by nix (subscriber, #2304)
Well, yes, of course, but most attacks on higher-level stuff don't bother
trying to exploit a kernel bug in order to get at, say, Firefox. They
buffer-overrun some image library instead (FF does things like ship its
own copy of that known security-wobbly library libpng, always, because
some patch of theirs was rejected from the upstream tree, sigh). I'm not
sure I've ever heard of userspace network-facing software such as web
browsers being successfully attacked by way of a kernel hole. I suppose it
*could* happen, and perhaps it has, but is it common enough to make the
kernel a more worthwhile thing to fix than the higher-level stuff? It
seems more likely they'd stick to attacking the higher layer, and thus get
an exploit that works no matter what version of the kernel you're running.
(Damn good interview, btw.)
Which is which
Posted Jul 24, 2009 22:36 UTC (Fri) by spender (subscriber, #23067)
My mention of "kernel protections" referred to NX/ASLR/etc, which are implemented in the kernel ;)
-Brad
Which is which
Posted Jul 25, 2009 12:34 UTC (Sat) by nix (subscriber, #2304)
Ah, yes, obviously they're worthwhile. Still, there seems to be a
depressing frequency of vulns (exploitable even with these protections) in
the higher levels: the days when the kernel had more holes than everything
else put together seem to be behind us.