Hacker News new | ask | show | jobs
by jhasse 3132 days ago
> or corrupting my stack pointer...

in that case, it will crash with a SIGSEGV sooner or later anyway
1 comments
Slavius 3132 days ago
...or is being remotely exploited and it silently succeeds. Who wants that?
link
jhasse 3132 days ago
That is very unlikely. Crashing would happen 100% of the time though. Most people want that trade-off (meaning: If their browser would crash, they would switch to another one, even it was less secure).
link
TickleSteve 3132 days ago
Stack pointer manipulation is the entry point for an extremely large subset of security issues.
link
Slavius 3132 days ago
Corrupting SP is part of almost every exploit and I can guarantee you that it is very likely (going to cause harm on your system). Try to pull Metasploit GIT repo to get some idea about thousands of payloads that do corrupt SP without crashing the host...
link
jhasse 3132 days ago
Yes, but how many of all cases of corrupted stack pointers are exploits?
link
jessaustin 3132 days ago
Why would that matter? We're not trying to be secure against random cosmic rays. We're trying to be secure against attackers.

http://wondermark.com/406/

link
jhasse 3131 days ago
It matters because we're talking about letting the browser crash on all cases.

> We're trying to be secure against attackers.

We also want a browser that doesn't crash.

link