
Re: What is a security bug?



Florian Weimer <fw@deneb.enyo.de> wrote:

> It seems that I have difficulty understanding what constitutes a
> security bug in a web browser.
> 
> Suppose that the web browser always crashes when confronted with
> certain input, losing all of its state.  With tabbed browsing,
> multiple browsers opened by the same process etc., this means that
> potentially important work is lost.

A really broad definition of security is that a system is secure if it
does what the user expects it to do.

If you apply this at the level of the interactions between
reasonably-sized entities, this definition is usable: You don't expect
clicking on a link in one browser window to cause other windows to
disappear without trace.

Besides the problem of losing your work in one browser window, this
sort of bug raises more security questions:

 * Why are multiple browser windows implemented by the same process?
   Does it really save that much resources?  Why not run them in
   separate processes?
 * Why is the browser process running with the user's full authority,
   including access to all the user's files?  If you run it with
   access to only the files it needs, the risk from buffer overruns
   will be greatly reduced.

Mark


