LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Let's see the big picture

Let's see the big picture

Posted May 23, 2012 13:34 UTC (Wed) by proski (subscriber, #104)
Parent article: A Tale of Two Pwnies (Part 1)

Chromium developers should be proud that it takes six bugs to exploit their code.

(Log in to post comments)

Let's see the big picture

Posted May 23, 2012 14:09 UTC (Wed) by jonabbey (subscriber, #2736) [Link]

And that they had the confidence and good sense both to open source it and to give away prizes for breaking it, yes.

Things *ARE* getting better, in a few places

Posted May 23, 2012 14:36 UTC (Wed) by david.a.wheeler (guest, #72896) [Link]

Absolutely. There are still lots of programs where a single defect - trivially found - breaks everything. Obviously, it'd be great if there were no vulnerabilities at all, but having to string together six weaknesses is still an improvement.

Things *ARE* getting better, in a few places

Posted May 24, 2012 0:20 UTC (Thu) by nix (subscriber, #2304) [Link]

Quite. This is on a similar order to the number of failures needed to take down an airliner. Impressive.

Things *ARE* getting better, in a few places

Posted May 24, 2012 13:53 UTC (Thu) by ean5533 (subscriber, #69480) [Link]

>This is on a similar order to the number of failures needed to take down an airliner.

I'm don't think "on a similar order" is really the comparison you meant to use. 1 is on the same order as 6.

Things *ARE* getting better, in a few places

Posted May 24, 2012 15:46 UTC (Thu) by apoelstra (subscriber, #75205) [Link]

>I'm don't think "on a similar order" is really the comparison you meant to use. 1 is on the same order as 6.

Perhaps nix was thinking in base 2, in which case 6 is on the same order as 4 ;).

Things *ARE* getting better, in a few places

Posted May 24, 2012 17:13 UTC (Thu) by dgm (subscriber, #49227) [Link]

Base e seems more "natural"...

Things *ARE* getting better, in a few places

Posted May 25, 2012 8:32 UTC (Fri) by micka (subscriber, #38720) [Link]

You just made me discover non-integral representations. And I thought I was reasonably proficient in math...

Things *ARE* getting better, in a few places

Posted May 28, 2012 13:26 UTC (Mon) by nix (subscriber, #2304) [Link]

No, I was thinking in English rather than in pedant. My mistake, on this site. :)

Let's see the big picture

Posted May 23, 2012 19:47 UTC (Wed) by ballombe (subscriber, #9523) [Link]

At the same time the first bug is really nasty, so maybe they could improve their QA process.

How about the 10 bugs exploit?

Posted May 24, 2012 14:20 UTC (Thu) by southey (subscriber, #9466) [Link]

You do realize that that part 2 will have Sergey Glazunov's "roughly 10 distinct bugs" (as mentioned at the end of the blog), right?
Having two exploits suggests that they still need to keep their 'pride' in check.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds