[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] pdf with tor



>couldn't we just code some protection against this
Well security vulnerabilities are basically bugs, that is, programming
mistakes, which a 3rd party can exploit to do things like crash or take
control of the system.

There are some mitigations such as Address Space Layout Randomisation,
Position Independent Code, Stack Smashing Protection, Mandatory Access
Controls etc. If you are interested in the technical details of how these
things work I recommend looking at the Hardened Gentoo documentation
http://wiki.gentoo.org/wiki/Hardened/Introduction_to_Hardened_Gentoo.

I think the general problem is more political than technical. Unfortunately
no one really cares about security. Maybe it's because it can't be measured
easily, unlike other things such as performance. If a regular person
switches from OS A to OS B and their computer now takes twice as long to
boot up they are just going to switch right back - regardless of any
additional non-tangible benefits the latter may have, including security.

At the moment we're in a sad situation where OS vendors will only implement
watered down security controls so as to not harm things that customers
actually notice such as performance. For example Windows, OS X and Linux
all have some kind of ASLR so they can tick the box and say "yep, got that
shiny feature" but if one were to scrutinise the actual implementations
they are all woefully inadequate compared to the original Pax or OpenBSD
design. Here is an article illustrating the kind of attitude I mean
https://www.rsbac.org/documentation/why_rsbac_does_not_use_lsm.

I think opening PDF files inside a virtual machine is not a bad way of
solving the problem. There are obviously practical limits stopping you from
having a VM for every application. If that idea of separating groups of
addictions into different virtual machines still intrigues you though then
you might be interested in the Qubes project.

I hope this information is helpful.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk