by MaxBarraclough
1891 days ago
> The thing with memory bugs is that you need another bug for Sandbox to fully exploit the browser.

The quote was "Around 70% of our high severity security bugs are memory unsafety problems." Doesn't sound like sandboxing is effective there.

> Here is a real world logical exploit that knock sandbox and Rust won't prevent this stuff,

I'm not sure I see your point here. No one is arguing that Safe Rust makes all logic bugs go away. It's not a formal methods framework, it's a safe programming language. If Chromium had been written in Safe Rust (assuming that's practical), presumably at least 70% of its high-severity security bugs would have been avoided. You're right that they still wouldn't have perfection. The only shot at perfect security is through formal methods, following seL4, but as things stand, formal methods cannot scale to a problem as large as a modern web browser. Sadly, even TLS is beyond what we can implement with formal methods.
|
This quote simply means there are 70% high severity security bugs, and it doesn't imply anything about the sandbox.
You can have a use-after-free exploit, but it's worthless without a sandbox escape.
Sandboxing is very effective at memory bugs but certainly bad at logical bugs.