On Wed, May 03, 2006 at 09:05:59PM +0100, Mike Hearn wrote:
On 5/3/06, Marcus Meissner marcus@jet.franken.de wrote:
Number of konqueror affecting security problems in the last 2 years (by CVE entry): ca 10. Number of firefox security problems in the last 2 years (by CVE entry): ca 100.
(Just go to http://cve.mitre.org/cve/ and look for yourself.)
I wonder how much of that is due to the differences in popularity vs the differences in engineering? (a disturbing number of Firefox exploits are based on its platform features like XUL/XBL). Konq just isn't as interesting a target for security "researchers".
Its more of feature bloatedness and codesize vs small (but full necessary ) featureset and clean programming ;)
The 5000 (?) US$ challenges might have helped to poke holes in it.
Safari has quite a lot of exploits available for it too and it's based on KHTML ....
But they are not konqueror issues. The konqueror developer look at the Safari fixes. ;)
One reason I hate Firefox.
I've just come to accept that web browsers are exploit-zones all round
- their entire purpose in life is to download and manipulate extremely
complex data structures and code from the net at high speeds. Pretty much a textbook case of where you'd expect to find security problems.
Yeah similar to this strange emulator program where users actually download .exe files and run them under Linux :)
My dissertation is on splitting software into modules using a fast form of local RPC so they can be confined using AppArmor/SELinux .. the idea is you could try and split things like the renderer out of a web browser so it runs with no privileges (except perhaps minimal X server access). The architecture of Firefox, where the entire program basically runs inside the rendering engine, makes that rather tricky, but the same principles apply to things like image decoders.
helix-dbus-server is a good start (although for 64 <-> 32bit interop), imgsep a nice idea, seccomp a too restricted idea ... and so on. ;)
Ciao, Marcus