[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA++ReY97HokONnHabRNvG1-4c-=7RNU-Ss8pYzf+P5Vew893ow@mail.gmail.com>
Date: Thu, 6 Aug 2015 11:05:21 -0700
From: Andrew Deck <andrew.hastings.deck@...il.com>
To: Christoph Gruber <list@...u.at>
Cc: bugtraq@...urityfocus.com
Subject: Re: [FD] Mozilla extensions: a security nightmare
Well, here's my 2 cents:
- Yes, it's unfortunate that firefox extensions are not in
write-protected parts of the FS.
- No, it's not worth eight paragraphs of ranting on this mailing list,
use of all caps, or calling some piece of software "evil".
- The sudo-like functionality present in Windows (and OSX, most of the
time. And GUIs, generally) is a hack, not a "solution" as such, for
reasons stated below. It'll help protect you from an enemy overwriting
files (well.. a bit. They could still write a Word doc, or a PDF, or
some other format that can cause unfortunate things to happen), but as
soon as they get any kind of execution, they're already essentially
admin.
- Number of google results for "write xor execute": 3,550. Number of
google results for "nx bit": 474,000. Use the term that is more
accurate, more helpful for someone researching the topic, and more
common.
- I'm only speaking up because this conversation has gone on for a
surprising number of posts.
## Why I'm against "sudo-like" functionality (but not sudo)
With sudo-like functionality on an O/S like Windows is that there's
nothing to prevent cross-application request forgery. If I can run
code on a given system, I can run administrative code on that system
by creating a window that vaguely resembles the one Windows pops up
asking the user to perform an update (of, for example, a firefox
extension) and enter their admin password.
And now I have their admin password.
That's a problem in OSX, it's a problem in Windows, and it's a problem
in every operating system that I've seen running a GUI. If a part of
the screen were reserved for security requests, wouldn't be an issue.
But it is an issue. If you care about security, and you're entering
admin creds into a GUI on the system, let alone running a browser,
you're Doing It Wrong(TM).
With sudo, you're explicitly asking to run a program with admin creds,
but more importantly you're asking to be asked for creds. You know
exactly what program is asking you for the password, and you know
exactly why. With Windows, who the hell knows?
Powered by blists - more mailing lists