[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fenfire-dev] Security with libvob

From: Matti Katila
Subject: Re: [Fenfire-dev] Security with libvob
Date: Tue, 19 Oct 2004 12:49:13 +0300 (EEST)

On Tue, 19 Oct 2004, Benja Fallenstein wrote:
> Matti Katila wrote:
> > Hi,
> > 
> > How libvob should work with malicious coordinates or renders? If third 
> > party creates a layout object, or any object that has to do with scene, 
> > it's too easy to put in some render calls that creates coordinate systems 
> > that a) may crash libvob b) are recursive, and crashes because of that c) 
> > render on all others vobs. I'm writing this because of we need to 
> > think these security questions before we make a release.
> Well, we don't have any sandboxing at the moment and no plans to sandbox 
> in the near future, so I don't really see the problem. I mean, if a 
> third party creates a malicious render object, it's also easy to put in 
> a call of 'rm -rf ~', which is arguably worse than any of the above. :-)

With X I can go to console and kill the application. With libvob I can 
kill jvm. I didn't mean security as "make everything so slow because of 
all method calls are checked with RSA keys" but rather could we find some 
scenarious where scene.otrhoCS(100, "foo", ...) crashes and try to add 
reasonable checks, e.g. parent should be smaller number than created 

So, I don't want to reserve a button in Fenfire for 
> While we're at it, Tuomas noticed somewhere that vobs' rendering calls 
> to OpenGL aren't sandboxed in any way either, so malicious code there 
> can probably execute arbitrary code on the system.
> I do think that making sandboxing work with libvob is too big a project 
> to make it hold up a release.

We can add minimal sandboxing for childVS and give the child for every 
application in screen. That way one missbehaving application is not seen 
on screen while not crashing the whole libvob.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]