by epidemian 3882 days ago
> it's not clear that having a library would add any security

I don't think that's the main benefit of using/developing an external library for this. To me, using an external library sounds like a good idea because:

- You get code separation. A bit less code on the main Firefox repo, and a repo dedicated only to BMP decoding (or image files in general). Someone who wants to contribute to the BMP decoder wouldn't need to download the whole FF repo and understand/configure its build system. Big plus!

- The library can be shared among different applications. It doesn't make sense for each browser to have a different implementation of BMP decoding, each with their own bugs. Sharing a library for this kind of stuff would actually benefit security, as a bug fixed by one browser/app developer would benefit the others.

That last one is the biggest thing for me. The BMP example is a very simple one, and not very important. It is in more complex tasks that I think sharing libraries would be much more beneficial.

For example, wouldn't it be great if, instead of duplicating so much effort in implementing the streaming capabilities of Media Source Extensions [1], the different browsers shared a library dedicated to that complex task? We could have had a more complete and robust implementation in less total time! And that's just one example; there are tons of complex things browsers do that could be extracted to separate shared libraries.

[1]: And so many bugs https://bugzilla.mozilla.org/show_bug.cgi?id=778617

2 comments

> code separation

This is incredibly important for security. Reducing complexity and possible attack surface even between components is something that has been ignored in software for far too long.

Crypto shouldn't ever be in the same address space as any process that also does parsing or network I/O. That's just asking for the keys to be leaked (or other problems) when the inevitable bug is found.

I completely agree with this reasoning, and those are pretty much the reasons why Servo's developed in such a modular way (in contrast to most other browser engines).