| |||||||||||||
WebGL vulnerabilitiesWebGL vulnerabilitiesPosted May 26, 2011 2:18 UTC (Thu) by jimparis (subscriber, #38647)Parent article: WebGL vulnerabilities
Shaders are written to handle the complexities of the graphics to be rendered, and the libraries and drivers turn those programs into the proper form for the GPU(s) in the hardware. Essentially it means that malicious web sites can craft semi-arbitrary programs to run on the hardware of the user.... That kind of denial of service could be extremely annoying to users, but doesn't really directly impact the security of the desktop.Running arbitrary shaders can be a HUGE security hole. The Xbox 360 GPU features the MEMEXPORT function that allows a shader to write arbitrary values to system memory! That's how the first xbox 360 exploit (so-called "king kong exploit") worked.
(Log in to post comments)
WebGL vulnerabilities Posted May 26, 2011 2:49 UTC (Thu) by roc (subscriber, #30627) [Link]
We're not running arbitrary shaders in Firefox. Shaders are sanitized via the ANGLE library so that only known shader functionality that "should be safe" can be used.
The concerns here are about using that known functionality to do DoS attacks, or using bugs in the implementation of that functionality to do something unsafe.
WebGL vulnerabilities Posted May 26, 2011 12:39 UTC (Thu) by nix (subscriber, #2304) [Link]
Oh, good, so perhaps we're not being called upon to disprove Rice's theorem on the fly (to quote Douglas Adams: 'which is, of course, impossible').
|
|||||||||||||