Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
LWN.net Weekly Edition for May 9, 2013
(Nearly) full tickless operation in 3.10
For a security perspective, the PNG decoder shouldn't have access to network sockets..
>And inside a web browser (the most obvious thing to attack) the idea of "non-executable" is laughable.
Agreed, that's why Chrome's design is really a nice change here, even if it doesn't go far enough: AFAIK Flash isn't properly 'shielded' from the rest of the system..
Security in the 20-teens
Posted Feb 11, 2010 14:32 UTC (Thu) by anselm (subscriber, #2796)
For a security perspective, the PNG decoder shouldn't have
access to network sockets..
The PNG decoder shouldn't be allowed to open new network sockets.
However, a file descriptor open for reading is a file descriptor open for
reading. It doesn't matter much whether there is a disk or a web server at
the other end.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds