Slashdot Mirror


User: snemarch

snemarch's activity in the archive.

Stories: 0
Comments: 384

Comments · 384

  1. Re:Hate to Say This... on Microsoft Brands WebGL a 'Harmful' Technology · · Score: 1

    At what level, though? A thin wrapper over DirectX, or a higher-level API that can do some additional checks (or simply doesn't allow for really-unsafe constructs)?

  2. Re:Hate to Say This... on Microsoft Brands WebGL a 'Harmful' Technology · · Score: 1

    Why is this any different from any other exploit? If you get past the browser's sandbox, you've got the control of the machine, and things are good as toast. Access to video memory seems minor in comparison to a complete breach.

    Allowing ActiveX == allowing ANY native code to run on your system - bad.

    Allowing Java or .NET stuff == allowing sandboxed and security-constrained code access to relatively verifiable resources.

    Allowing WebGL == ???, where ??? depends on specific video driver version as well as hardware silicon.

    Graphics drivers aren't generally scrutinized for security issues, and hardware can do stuff like DMA (overwrite arbitrary regions of system memory without the OS being able to intervene in any way).

  3. Re:Hate to Say This... on Microsoft Brands WebGL a 'Harmful' Technology · · Score: 1

    ...but I got them from a POP3 connection, what do you expect me to do? Company policy forbids USB drives, and all our networked machines have internet access :(

  4. Re:Hate to Say This... on Microsoft Brands WebGL a 'Harmful' Technology · · Score: 1

    Massive driver and - possibly - hardware changes. Perhaps just fix the API instead? Might give lower performance and ruin the wet dream of "zomg desktop games in a browser", but that's just silly in the first place IMHO.

  5. Re:Hate to Say This... on Microsoft Brands WebGL a 'Harmful' Technology · · Score: 1

    Wow, that's a confusion of terminology if I ever saw one.

    I hope that was intended as a +5 funny. If not, please read up on your terminology. You might also want to familiarize yourself with alien words such as "DMA".

  6. Re:They can't even spell on Microsoft Brands WebGL a 'Harmful' Technology · · Score: 1

    Or, maybe websites should be websites and applications should be applications. Over the last 20 years the paradigm of browser plugins/applications in the browser has been abysmal for security AND performance.

    +1. And now people think it's cute you can decode MP3s via javascript... ugh.

  7. Re:At least silverlight is save! on Microsoft Brands WebGL a 'Harmful' Technology · · Score: 1

    It will be interesting to see how Silverlight will implement GPU access - if it's going to be a thin wrapper around DirectX (in other words, the DX equivalent of WebGL) I'll be the first person to cry "bloody fucking morons". Hopefully (and perhaps this is wishful thinking) the silverlight team have been getting cluebat beatings from some of the competent security people at MS.

  8. Re:Games on Linux means the end of the MS Empire on Microsoft Brands WebGL a 'Harmful' Technology · · Score: 1

    Oh, they have, but even Vanilla Vista was a more enjoyable experience than whatever Linux distro.

    (This post is aiming for a +5 funny).

  9. Re:We missed an opportunity. on Microsoft Brands WebGL a 'Harmful' Technology · · Score: 1

    Early versions of Direct3D sucked balls :)

    Part of the reason was retained vs. immediate mode - and part of the reason for that was Carmack (and others) asking for immediate mode, but then not wanting to use it; can't blame them, though, as the user<->kernel mode switches and the general state of GPU hardware back then made it kinda useless. It took Microsoft until DX9 (around 9 years - slow fscks!) to gain the upper hand.

  10. Re:Good advise! on Microsoft Brands WebGL a 'Harmful' Technology · · Score: 1

    Ah yes, NT's (in reality, VMS') security model is wrong - that must be why there's implementations of ACL for both Linux and BSD? :)

  11. Re:Microsoft should know... on Microsoft Brands WebGL a 'Harmful' Technology · · Score: 1

    And perhaps the truth lies somewhere between those extremes?

    Graphics drivers are crappily written kernel-level code - it's one of the few things that has made my system crash, whether that be linux or windows (Vista did at least one thing right - move large parts of graphics drivers to user mode).

    We have to accept this situation, it's not going to change anytime soon. OpenGL itself is a rather big chunk of code as well, and it's not the kind of code that's reviewed with a focus on security.

    Do you, honestly, think it's a good idea to pretty much directly expose the GL and graphics driver stack to the web?

  12. Re:Microsoft should know... on Microsoft Brands WebGL a 'Harmful' Technology · · Score: 1

    Just as with any native code (like a DirectX game, for instance) there is no way to ensure "safety"...although I'd think almost any other attack vector would be easier than WebGL.

    I do wonder. Of course it would mean targeting specific GPU vendors, and perhaps specific driver versions as well. But imagine what you could do if you were able to play with DMA... bye bye to any OS security.

  13. Re:Microsoft should know... on Microsoft Brands WebGL a 'Harmful' Technology · · Score: 1

    They aren't dismissing OpenGL, they're dismissing WebGL - please figure out the difference and at least try contemplating why WebGL might not be a terribly good idea before commenting further.

  14. Re:Problem? on Mexican Cartels Build Mad Max Narco Tanks · · Score: 1

    Hate to break it to you, but humans aren't the only species that actively seek out altered states of mind.

  15. Re:The Game of Catchup on New Malware Simulates Hard Drive Failure · · Score: 1

    For me it seems to pop up more or less at random - and while it doesn't require an OS reboot, it does require a firefox restart.

  16. Re:The Game of Catchup on New Malware Simulates Hard Drive Failure · · Score: 1

    All it takes is one whitelisted domain being hacked or DNS poisoned, and you're outta luck - FF has no sandboxing and it doesn't drop unneeded privileges. At least it supports DEP and ASLR, but still - it's a lot less than IE.

    Yes, I do NoScript and ABP as well and try to be diligent about what I allow, but that doesn't mean I'm not aware of the risks.

  17. Re:The Game of Catchup on New Malware Simulates Hard Drive Failure · · Score: 1

    Yup, I use Foxit Reader on my Windows boxes - it's slow for complex renders though, I wish Sumatra was more stable. But AR is the default used by the masses, and it may be mandated by corporate IT policies.

  18. Re:When web apps... on New Malware Simulates Hard Drive Failure · · Score: 1

    THERE ISN'T A LOT OF MALWARE FOR LINUX BECAUSE LINUX ISN'T SIGNIFICANT MARKET-SHARE WISE. There, ftfy.

    Ask for a tour of your nearest datacenter.

    You don't target datacenters with consumer-oriented malware. You target them with DDoSes or specialized attacks to get specific information you're interested in, often involving exploits that aren't known by the public. It's a whole different ballpark.

    Your idiotic caps made me write this sentence calling you an idiot to get the lameness filter to shut up.

    Idiotic caps because the parent had idiotic caps.

  19. Re:What a scam! on New Malware Simulates Hard Drive Failure · · Score: 1

    If your hard drive is failing, software won't fix it.

    WRONG! There's SpinRite - it zomgmagic fixes hard drives, several thousand circle-jerking lemmings can't be wrong!

  20. Re:How the fuck! on New Malware Simulates Hard Drive Failure · · Score: 1

    "Click yes" is a PEBKAC problem - not much we can do about those.

    Drive-by attacks are generally against Flash, Acrobat Reader, Java and there's not much the browser or OS can do against those. There's lots of harm you can do even as an unprivileged user, and if that's not enough there's local privilege escalation exploits on all the major OSes.

  21. Re:Administrative Access? on New Malware Simulates Hard Drive Failure · · Score: 1

    Operating systems should have security built-in, not tacked-on later.

    ...anti-competitive lawsuit.

  22. Re:Ugh on New Malware Simulates Hard Drive Failure · · Score: 1

    There are some exceptions like flash and acrobat reader and yes they can cause trouble. But how do you get an infection from flash on Linux? Show me one case of this occurring! Otherwise all these Windows fan boys please just STFU about the insecurity of Adobe flash and acroread and how Linux would be just as bad as Windows if the market share was reversed.

    I'll show you as soon as Linux has enough marketshare that people start writing malware for it :-)

    The attack vectors are there - Flash, Acrobat Reader, Java, FireFox. If a piece of malware wanted root, there's been enough local privilege exploits around and there's bound to be more.

    You and I both keep our Linux systems up to date, don't click spurious links or enter our user credentials where we shouldn't. I expect that goes for most Linux users as the userbase looks right now. But do you expect that situation to stay constant if there was going to be a mass migration towards Linux?

  23. Re:When web apps... on New Malware Simulates Hard Drive Failure · · Score: 1

    Good scheme, but do you expect Joe Burgerflipper and Grand Ma to do such a setup? They're the ones that usually get hit by malware.

  24. Re:When web apps... on New Malware Simulates Hard Drive Failure · · Score: 1

    And tell us how you would do that? How would you make a web page that convinces the user that they should click 'okay' on your installer instead of going to the system app center / repositories?

    People that were conditioned to Windows might fall for it, but people that 'learned' Linux would know it's BS.

    And that's only true because there's such a small percentage of people that use Linux, and they generally aren't Clueless Joe User types.

    How would you convince someone to give you the admin ID when they didn't launch an installer or app that needs admin access?

    Linux never had local privilege exploits, nah-uh.

    VIRUSES IN LINUX DON'T PROPAGATE BECAUSE LINUX DOESN'T WORK LIKE WHAT YOU'RE USED TO.

    THERE ISN'T A LOT OF MALWARE FOR LINUX BECAUSE LINUX ISN'T SIGNIFICANT MARKET-SHARE WISE. There, ftfy.

  25. Re:The Game of Catchup on New Malware Simulates Hard Drive Failure · · Score: 1

    [...]and also not designing an OS, the operating system, to protect the entire system from malicious and broken software.

    The OS is designed with a lot of protection, do check up on the NT security model. The problem consists of

    • 3rd party developers who have been ignoring application design guidelines.
    • Users who click yes to anything and enter user credentials without thinking.