Parsing untrusted JPEG and PNG files from the web within a process that has full access to my whole personal account is simply insane.
Installing add-ons with full read-write access to my $HOME? Insane.
Running Flash, or worse, Java on untrusted content with full $USER rights? Insane. (Plugins are now out-of-process but are their privileges actually lowered?)
Sandbox Firefox and, maybe, maybe, we'll come back.
Security! Security! Security!
Posted Feb 26, 2012 21:35 UTC (Sun) by intgr (subscriber, #39733)
> For me, ditching Firefox for Chrome is all about security.
How about Chrome removing OCSP checks for certificates? Apparently Chrome developers think speed is more important than security.
> Running flash, or worse, Java on untrusted content with full $USER rights? Insane.
Chrome doesn't sandbox plugins either -- since plugins are third-party software and need to access resources that Chrome doesn't know about, such as Flash local storage, webcam and whatnot.
> Sandbox Firefox and, maybe, maybe, we'll come back.
Sadly project "Electrolysis" has been frozen for the time being since it requires major modifications to the core and would break most extensions.
Posted Feb 27, 2012 9:04 UTC (Mon) by khim (subscriber, #9252)
Interesting. You assume that OCSP is more secure than a simple autoupdateable revocation list. Care to share the proof that it's indeed so? AFAICS Chrome's new scheme is much simpler and thus more robust - this means it's probably more secure, too.
Note that the very same article you link to deride raises important practical security concerns related to OCSP, thus "it's so obvious that OCSP is better" just does not cut it: not only should you explain how Firefox will solve the OCSP-related problems outlined in the article, you should explain what's insecure in Chrome's new scheme, too. "Soft-fail revocation checks are like a seat-belt that snaps when you crash" (which is how OCSP is practically implemented in all browsers) does not inspire a lot of confidence.
Flash is actually sandboxed and the Java plugin is at least checked for known-vulnerable versions - which is better than what Firefox is doing.
If you want to point to real problems with Chrome's security - then be my guest, let's talk about it, no one is perfect, but if your goal is just to spread FUD then please stop.
Posted Feb 27, 2012 14:24 UTC (Mon) by KaiRo (subscriber, #1987)
On the other topic, sandboxing is IMHO hyped more than it's actually useful. It's one reasonable idea of how to possibly prevent exploits from getting worse, but 1) if you (in theory) don't have exploits in the first place, it's useless, and 2) there's a lot of security/privacy-relevant flaws where it has no effect at all, esp. in the area surrounding XSS. Also see http://hackademix.net/2012/02/16/sandboxes-are-overrated-... and stuff linked from there.
Posted Feb 27, 2012 15:42 UTC (Mon) by khim (subscriber, #9252)
> 1) if you (in theory) don't have exploits in the first place, it's useless
Sure, if your browser and OS are written by infallible God and if it's run on the impeccable computer which is created by said God then you can ignore any and all security practices.
In our universe compartmentalization is the only solution worth discussing. It predates computers by several millennia (think military and state secrets, different levels of access, etc) and is the only tried and true [albeit imperfect] solution.
> 2) there's a lot of security/privacy-relevant flaws where it has no effect at all, esp. in the area surrounding XSS
Let me translate "discovery" from geek to English:
Sensation, sensation! Everything you ever knew is wrong!
Recently researchers found that most thieves started using windows and not doors. This fantastic discovery shows that all these sturdy doors and complicated locks are just a waste of time and money! We should immediately stop wasting our time and fully switch to windows protection! You can leave keys under your doormat, don't lock the door at all, it does not matter! More in our newspaper, just $.02 per copy.
If you really believe that then I have a very nice bridge to sell.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.