lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <242a0a8f0603270707s7d784c53n81c5bca6edeaef7d@mail.gmail.com>
Date: Mon Mar 27 16:07:22 2006
From: eaton.lists at gmail.com (Brian Eaton)
Subject: 4 Questions: Latest IE vulnerability,
	Firefox vs IE security, User vs Admin risk profile,
	and browsers coded in 100% Managed Verifiable code

On 3/27/06, Pilon Mntry <pilonmntry@...oo.com> wrote:
> > What about
> > using the
> > facilities already provided by the OS to enforce the
> > sandbox?
>
> But then will it be possible to prevent buffer
> overflows, still running on unmanaged code?

No.  You could use PAX or the like to try to make buffer overflows
less exploitable, but mandatory access controls have a different
focus.  Mandatory access controls kick in when the exploit has done
its work and is now executing arbitrary code in the context of your
browser.  The access controls operate at the kernel level to prevent
the code from performing system calls that haven't been explicitly
allowed.

In the case of the calculator demo for the createTextRange
vulnerability, the attempt to execute the calculator would have
failed, because the browser would not have permission to execute
arbitrary files.

I wasn't sure if Windows actually supported mandatory access controls,
so I poked around on Microsoft's web site a bit.  Yes, Windows
supports MAC.  Even better, IE 7 will include a "protected" mode that
uses MAC to lock down the browser.  This is a step in the right
direction.

http://tinyurl.com/ncp35

In his original note, Dinis raised a good point: even a restricted
browser has access to all kinds of sensitive personal information,
such as passwords to web sites.  MAC would not prevent an exploit from
stealing that kind of data.

Regards,
Brian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ