Dogfood report: Firefox autoupdate works
marcus at jet.franken.de
Wed May 3 15:11:10 CDT 2006
On Wed, May 03, 2006 at 09:05:59PM +0100, Mike Hearn wrote:
> On 5/3/06, Marcus Meissner <marcus at jet.franken.de> wrote:
> >Number of konqueror affecting security problems in the last 2 years
> >(by CVE entry): ca 10.
> >Number of firefox security problems in the last 2 years
> >(by CVE entry): ca 100.
> >(Just go to http://cve.mitre.org/cve/ and look for yourself.)
> I wonder how much of that is due to the differences in popularity vs
> the differences in engineering? (a disturbing number of Firefox
> exploits are based on its platform features like XUL/XBL). Konq just
> isn't as interesting a target for security "researchers".
Its more of feature bloatedness and codesize vs small (but full necessary
) featureset and clean programming ;)
The 5000 (?) US$ challenges might have helped to poke holes in it.
> Safari has quite a lot of exploits available for it too and it's based
> on KHTML ....
But they are not konqueror issues. The konqueror developer look at the
Safari fixes. ;)
> >One reason I hate Firefox.
> I've just come to accept that web browsers are exploit-zones all round
> - their entire purpose in life is to download and manipulate extremely
> complex data structures and code from the net at high speeds. Pretty
> much a textbook case of where you'd expect to find security problems.
Yeah similar to this strange emulator program where users actually
download .exe files and run them under Linux :)
> My dissertation is on splitting software into modules using a fast
> form of local RPC so they can be confined using AppArmor/SELinux ..
> the idea is you could try and split things like the renderer out of a
> web browser so it runs with no privileges (except perhaps minimal X
> server access). The architecture of Firefox, where the entire program
> basically runs inside the rendering engine, makes that rather tricky,
> but the same principles apply to things like image decoders.
helix-dbus-server is a good start (although for 64 <-> 32bit interop),
imgsep a nice idea, seccomp a too restricted idea ... and so on. ;)
More information about the wine-devel