lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon Mar 27 16:07:22 2006 From: eaton.lists at gmail.com (Brian Eaton) Subject: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code On 3/27/06, Pilon Mntry <pilonmntry@...oo.com> wrote: > > What about > > using the > > facilities already provided by the OS to enforce the > > sandbox? > > But then will it be possible to prevent buffer > overflows, still running on unmanaged code? No. You could use PAX or the like to try to make buffer overflows less exploitable, but mandatory access controls have a different focus. Mandatory access controls kick in when the exploit has done its work and is now executing arbitrary code in the context of your browser. The access controls operate at the kernel level to prevent the code from performing system calls that haven't been explicitly allowed. In the case of the calculator demo for the createTextRange vulnerability, the attempt to execute the calculator would have failed, because the browser would not have permission to execute arbitrary files. I wasn't sure if Windows actually supported mandatory access controls, so I poked around on Microsoft's web site a bit. Yes, Windows supports MAC. Even better, IE 7 will include a "protected" mode that uses MAC to lock down the browser. This is a step in the right direction. http://tinyurl.com/ncp35 In his original note, Dinis raised a good point: even a restricted browser has access to all kinds of sensitive personal information, such as passwords to web sites. MAC would not prevent an exploit from stealing that kind of data. Regards, Brian
Powered by blists - more mailing lists