On Aug 5, 2009, at 11:52 PM, yoav zilberberg wrote:

> Jeremy, i can't see how it will make things any worse to punch these
> holes
>
> you still fork flash in its own process like you do now
> only you sandbox it.... how is it any worse ?
Please trust authoritative folks like Carlos when they tell you that if sandboxing Flash were something that could be done reliably, even with high effort, it would have been done by the Chrome team already. Features of Flash like direct network access through their own stack, direct access to GPU resources, access to the file system, and audio/video input are incredibly hard to sort out from "regular" Flash usage. At a minimum, they'll require code changes to Flash to help browsers mediate the access to those resources in a sandboxed environment. The current NPAPI interface doesn't have those contracts in place, and so the assumptions have been fixed and code written right up to the limit of those assumptions.

To see how it works for yourself, try the --safe-plugins flag and then see how well the Flash-using web at large works (and if/how things break). It's all tractable in time, and you're right that it's absolutely desirable to sandbox Flash, but doing it today will undoubtedly lead to a poor user experience.

If you'd like this situation to improve, might I suggest you help out by striking up a conversation with Adobe on the topic? In my personal interactions with their folks, they've been cordial and reasonable, and I'm sure they'd like to hear from a customer who's interested in seeing a safer Flash.

Regards

> this is just an observation that if i would write malware (which of
> course, i would never)
> i would just use flash plugins exploits to be cross browser compatible
> and this renders the sandbox nearly useless for future attacks
>
> what "decent" malware writer would bother with webkit exploits ? none!
>
> besides, if you look at the help forum of chrome, you will see some
> people are starting to catch malware like this
> which is btw, how i got this evil site's URL....
> i would never click on my own such a foul looking site
>
> as for the auto updating issue, i suggested a solution in one of my
> prev posts
> and i am sure you can have a word with adobe for this
>
> in a sense chrome makes it easier to infect itself(!) as you run
> plugins in the medium integrity level (Vista and above)
> and you normally install chrome in the local user account, so no UAC
> prompt will help the user
> if some delicate file or DLL is written to chrome folder, and then
> it will do something never intended
>
> also, one more note, flash is special enough that if you would "hard
> code" the solution to it, you would anyways
> solve most infection problems in the world, and maybe even
> cancer... who knows ?
>
> and regarding what CPU said (and ignoring the auto-update) it seems
> that flash does work flawlessly
> using your '--safe-plugins' switch, and doing this on that site does
> stop the attack
> (tbh, maybe the attack was stopped because the sun's java died in
> the sandbox, but Ian said it was a flash based
> attack)