1 |
R0b0t1 <r030t1@×××××.com> wrote: |
2 |
> On Thu, Jul 6, 2017 at 1:33 AM, Martin Vaeth <martin@×××××.de> wrote: |
3 |
>> Peter Humphrey <peter@××××××××××××.uk> wrote: |
4 |
>>> On Tuesday 04 Jul 2017 10:14:23 Martin Vaeth wrote: |
5 |
>>>> |
6 |
>>>> With modern browsers and their complexity, you can expect that any |
7 |
>>>> website (or the one who has hacked it) can do anything which the |
8 |
>>>> user of that browser can do if he is sitting on your seat. |
9 |
>>> |
10 |
>>> Have you seen any reports of that kind of thing? |
11 |
>> |
12 |
>> Are you joking? Every CVE of the browser (or of any of its dependencies) |
13 |
>> which eventually allows an "execution of arbitrary code" exploit is |
14 |
>> such an example. |
15 |
>> |
16 |
>>> but I'd expect Linux to be less vulnerable. |
17 |
>> |
18 |
>> This has nothing to do with linux. It is the complexity of the |
19 |
>> browser which is the problem. |
20 |
> |
21 |
> To be fair it is a bit more circuitous on Linux than it is on Windows. |
22 |
> [...] you can't directly cause another process to start executing |
23 |
> your code directly [...] On Windows there exists CreateRemoteThread. |
24 |
|
25 |
If you get your browser to do what you wish (e.g. calling |
26 |
CreateRemoteThread on windows) you can usually let it directly execute |
27 |
what you wish, anyway. |
28 |
|
29 |
So there is hardly a difference from the system. |
30 |
|
31 |
I agree that the number of possible exploits for the former was slightly |
32 |
decreased if you had a correspondingly configured hardened kernel |
33 |
(and provided, of course, that you have not other gapping security holes |
34 |
like polkit, systemd, nepomuk/baloo, ... which all suffer from the |
35 |
same problem than browsers due to the fact that they provide every user |
36 |
access to a much too complex software stack.) |
37 |
|
38 |
But my original text was arguing against the claim that the primary |
39 |
purpose of hardened kernels was to protect against untrusted users |
40 |
sitting in front of the keyboard. |