[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fenfire-dev] Security with libvob

From: Benja Fallenstein
Subject: Re: [Fenfire-dev] Security with libvob
Date: Tue, 19 Oct 2004 12:06:22 +0300
User-agent: Mozilla Thunderbird 0.8 (X11/20040926)

Matti Katila wrote:

How libvob should work with malicious coordinates or renders? If third party creates a layout object, or any object that has to do with scene, it's too easy to put in some render calls that creates coordinate systems that a) may crash libvob b) are recursive, and crashes because of that c) render on all others vobs. I'm writing this because of we need to think these security questions before we make a release.

Well, we don't have any sandboxing at the moment and no plans to sandbox in the near future, so I don't really see the problem. I mean, if a third party creates a malicious render object, it's also easy to put in a call of 'rm -rf ~', which is arguably worse than any of the above. :-)

That's not to say that I don't think it would be good if the issues you raise would be addressed, it's just to say that I don't think it's urgent for the reason you give.

While we're at it, Tuomas noticed somewhere that vobs' rendering calls to OpenGL aren't sandboxed in any way either, so malicious code there can probably execute arbitrary code on the system.

I do think that making sandboxing work with libvob is too big a project to make it hold up a release.

On the other hand: I *do* believe that it should not be possible to create a tree of *existing* lobs (not writing your own) that crash Libvob. If you know a way to do so, please say so that we can address it. (Reason: I believe that's a possible goal and I want to be able to download trees of lobs from the Web.)

- Benja

reply via email to

[Prev in Thread] Current Thread [Next in Thread]