by comex 4448 days ago
> If a Pidgin-zero-day-wielding attacker sends you a weird-looking message that takes over your computer, all it will actually take over is your Pidgin AppVM. The worst that the attacker can do is steal your OTR keys and spy on your chat conversations

Yes, the only thing the attacker can do is compromise all of your chat conversations and impersonate you on an ongoing basis. Maybe you keep a separate browser VM for sensitive work: good, but only secure as long as you never ever accidentally visit a site you don't completely trust, such as any HTTP site.

Don't get me wrong, I think Qubes is really cool, but our ultimate goal, collectively, should be an OS where the entire stack, except possibly a few lowest level components (but not including things like filesystems and network drivers), is written in a higher level language than C/C++ and guaranteed free of memory corruption vulnerabilities in the first place. While non-memory corruption vulnerabilities exist, they're generally drastically easier to reason about and prevent, while C vulnerabilities can be anywhere, with exploit mitigations that make most attacks only harder, not impossible.

In the meantime, I guess you could always browse using Chromium with ASan enabled :)

2 comments

Every time I hear about moving the entire stack to high level languages I have two thoughts:

* I love high level languages, but is there even a toy OS that provides a decent amount of functionality with tolerable performance without cheating?
* There is no silver bullet to anything, let alone security. Automatic bounds checks only solve that one problem.

For instance, most would consider this an ordering, in increasing severity, of some of the vulnerabilities that potentially exist. And note that the first one is what Heartbleed is qualified as.

* Buffer overrun on read
* Buffer overrun on write
* Arbitrary code execution

Also good would be taking better advantage of hardware protection, kernel api design, and app permissions, so that even when something is compromised it can't just start poking around doing whatever it wants.
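As an added illustration of the "buffer overrun on read" class the comment above places first (and of what a bounds check does and does not buy you), here is a small C parser for a constructed length-prefixed record format. This is example code written for this page, not code from either commenter or from any project named in the thread; the record format, the function names and the sample bytes are all made up for the demonstration. The single check that matters is comparing the length the sender claims against the number of bytes actually received, which is the check whose absence defined Heartbleed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parse a constructed record format (hypothetical, for this example):
 * a 2-byte big-endian payload length followed by the payload bytes.
 * The payload is copied into 'out' (capacity out_cap).
 *
 * Returns the number of payload bytes copied, or -1 when the claimed
 * length is not backed by the bytes actually received (buf_len) or
 * would not fit in the caller's buffer. Without the first check the
 * memcpy would read past the end of 'buf': a read overrun, the
 * Heartbleed class, which discloses whatever sits after the record. */
int parse_record(const uint8_t *buf, size_t buf_len,
                 uint8_t *out, size_t out_cap)
{
    if (buf == NULL || out == NULL || buf_len < 2)
        return -1;

    /* The sender controls 'claimed'; the transport told us buf_len. */
    size_t claimed = ((size_t)buf[0] << 8) | buf[1];

    /* Bounds check on the source: claimed bytes must actually be present. */
    if (claimed > buf_len - 2)
        return -1;

    /* Bounds check on the destination: do not write past 'out'. */
    if (claimed > out_cap)
        return -1;

    memcpy(out, buf + 2, claimed);
    return (int)claimed;
}

/* Sample records, constructed for this example. */
static const uint8_t GOOD_RECORD[] = { 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
/* Claims 65535 payload bytes but only 5 were received. */
static const uint8_t BAD_RECORD[]  = { 0xFF, 0xFF, 'h', 'e', 'l', 'l', 'o' };

/* Returns the copied length for the well-formed record (expected 5). */
int demo_good(void)
{
    uint8_t out[64];
    return parse_record(GOOD_RECORD, sizeof GOOD_RECORD, out, sizeof out);
}

/* Returns 1 if the good record's payload was copied intact as "hello". */
int demo_good_payload_intact(void)
{
    uint8_t out[64];
    int n = parse_record(GOOD_RECORD, sizeof GOOD_RECORD, out, sizeof out);
    return n == 5 && memcmp(out, "hello", 5) == 0;
}

/* Returns -1: the over-claiming record is rejected instead of over-read. */
int demo_bad(void)
{
    uint8_t out[64];
    return parse_record(BAD_RECORD, sizeof BAD_RECORD, out, sizeof out);
}

int main(void)
{
    printf("good record: %d payload bytes copied\n", demo_good());
    printf("bad record:  %d (rejected, claimed length exceeds bytes received)\n",
           demo_bad());
    return 0;
}
```

The check is one line, which is the comment's point in both directions: a memory-safe language inserts it automatically everywhere, so this whole class disappears, but it says nothing about whether the parsed payload is then handled correctly, so the other problems in the list remain to be reasoned about separately.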