Re: What is a security bug?
Florian Weimer <fw@deneb.enyo.de> wrote:
> It seems that I have difficulty understanding what constitutes a
> security bug in a web browser.
>
> Suppose that the web browser always crashes when confronted with
> certain input, losing all of its state. With tabbed browsing,
> multiple browser opened by the same process etc., this means that
> potentially important work is lost.
A really broad definition of security is that a system is secure if it
does what the user expects it to do.
If you apply this at the level of the interactions between
reasonably-sized entities, this definition is usable: You don't expect
clicking on a link in one browser window to cause other windows to
disappear without trace.
Besides the problem of losing your work in one browser window, this
sort of bug raises more security questions:
* Why are multiple browser windows implemented by the same process?
Does it really save that much resources? Why not run them in
separate processes?
* Why is the browser process runnning with the user's full authority,
including access to all the user's files? If you run it with
access to only the files it needs, the risk from buffer overruns
will be greatly reduced.
Mark
Reply to: