Full Disclosure mailing list archives
Re: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code
From: "Pavel Kankovsky" <peak () argo troja mff cuni cz>
Date: Mon, 27 Mar 2006 23:35:32 +0200 (CEST)
On Sat, 25 Mar 2006, Dinis Cruz wrote:
2) Given that Firefox is also build on unmanaged code, isn't Firefox as insecure as IE and as dangerous
The use of "unmanaged code" (read: the programming language, and the style of programming prone to bugs making it possible to gain direct control over the underlying platform, i.e. the virtual CPU as implemented by the hardware and the OS running on it) is a shared weakness but there are many more aspects of the problem making it difficult to compare them.
3) Since my assets as a user exist in user land, isn't the risk profile of malicious unmanaged code (deployed via IE/Firefox) roughly the same if I am running as a 'low privileged' user or as administrator?
It depends. Do you run the browser under the same low-privs user you use for the rest of your business? (And do you trust your OS to enforce security restrictions among different users.)
4) Finally, isn't the solution for the creation of secure and trustworthy Internet Browsing environments the development of browsers written in 100% managed and verifiable code, which execute on a secure and very restricted Partially Trusted Environments? (under .Net, Mono or Java).
Are .Net, Mono, or Java themselves 100% managed and verifiable code? Can you create a secure environment when it is, using your own words, "impossible to create bug/vulnerability free code"? I know there have been vulns in the JRE making it possible to break out of the sandbox and similar vulns in the other environments would not suprise me. Chicken and eggs. (On the other hand, it is probably somewhat easier to fix one shared environment than to fix one million of applications. Nevertheless, we're talking about a single app here--about the web browser.) Moreover, do not forget the protection of your computer against malicious web sites is only one half of the problem. The other half is the protection of good web sites against malicious web sites. The browser itself is supposed to implement sandboxed virtual computers for "active web contents" and enforce their separation. You could compartmentalize the browser and have one sandbox for each site but I am afraid you would still need a trusted shared component to manage them.
And in my view, creating sandboxes for unmanaged code is very hard or even impossible (at least in the current Windows Architecture), so the only solution that I am seeing at the moment is to create sandboxes for managed and verifiable code.
I may be difficult on MS Windows. Been there, done that several times on other platforms. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Re: [Owasp-dotnet] RE: 4 Questions: Latest IEvulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, (continued)
- Re: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 25)
- Re: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Pilon Mntry (Mar 26)
- Re: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Christopher Bergström (Mar 27)
- Re: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 27)
- Re: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Pavel Kankovsky (Mar 27)
- Re: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 27)
- Re: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Pavel Kankovsky (Mar 28)
- Re: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 29)
- Re: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Pilon Mntry (Mar 26)
- Re: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 27)
- Re: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Pavel Kankovsky (Mar 28)
- Re: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code michaelslists (Mar 28)
- Re: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Andrew van der Stock (Mar 28)
- Re: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code michaelslists (Mar 28)
- Java integer overflows (was: a really long topic) Andrew van der Stock (Mar 28)
- Re: Java integer overflows (was: a really long topic) michaelslists (Mar 28)
- Re: Re: Java integer overflows (was: a really long topic) Eliah Kagan (Mar 28)
- Re: Re: Java integer overflows (was: a really long topic) michaelslists (Mar 28)