
Re: What is a security bug?

On 2005-11-24 02:03:31 -0500 Marc Haber <mh+debian-security@zugschlus.de> wrote:

> On Wed, Nov 23, 2005 at 10:53:46PM -0800, Thomas Bushnell BSG wrote:
>
>> In the case of galeon, for example, there is no bug, because it can
>> restart with the old state.
>
> And galeon saves current state, including form entries done by the
> user, before it segfaults?

Or, even more annoying, session cookies. If I'm half-way through booking my flight, or making a purchase, and some random site crashes my browser, and I have to restart, I'll be pretty annoyed.

Also, POST data: if I'm viewing a page that I got to due to a POST request, when Galeon restarts, I won't get back to the right page. (Should Galeon remember the POST data and resubmit when it restarts? What if the POST data was my credit card information, and resubmitting results in my credit card being charged twice?)

Remembering state certainly alleviates the problem. But it's not a complete solution.

Hubert Chan <hubert@uhoreg.ca> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.
