LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Security in the 20-teens

Security in the 20-teens

Posted Feb 11, 2010 9:36 UTC (Thu) by renox (subscriber, #23785)
In reply to: Security in the 20-teens by tialaramex
Parent article: Security in the 20-teens

>You replace the file descriptor of a file being written with that of an open network connection,

For a security perspective, the PNG decoder shouldn't have access to network sockets..

>And inside a web browser (the most obvious thing to attack) the idea of "non-executable" is laughable.

Agreed, that's why Chrome's design is really a nice change here, even if it doesn't go far enough: AFAIK Flash isn't properly 'shielded' from the rest of the system..

(Log in to post comments)

Security in the 20-teens

Posted Feb 11, 2010 14:32 UTC (Thu) by anselm (subscriber, #2796) [Link]

For a security perspective, the PNG decoder shouldn't have access to network sockets..

The PNG decoder shouldn't be allowed to open new network sockets. However, a file descriptor open for reading is a file descriptor open for reading. It doesn't matter much whether there is a disk or a web server at the other end.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds