I thought you'd say: compiler-based anti-exploitation measures. To which I had a ready counterpoint (1/) @RichFelker @dotMudge
Replying to @rootkovska @halvarflake
..that these are unable to protect against malicious/compromised app vendors. But you ruined my plan ;)
@RichFelker @dotMudge
1 reply 0 retweets 2 likes -
Replying to @rootkovska @halvarflake and
Compiler mitigations and memory safe languages are part of securing the sandbox impl too.
1 reply 0 retweets 2 likes -
Replying to @CopperheadOS @rootkovska and
Isolation also doesn't help when the data the attacker wants is already inside the sandbox.
2 replies 0 retweets 7 likes -
Replying to @CopperheadOS @rootkovska and
https://www.chromium.org/developers/design-documents/site-isolation … is a property people expect the *existing* Chromium sandbox to have.
1 reply 1 retweet 2 likes -
Replying to @CopperheadOS @rootkovska and
Even with site isolation and no sandbox bypass there can be plenty of useful data within it.
1 reply 0 retweets 1 like -
Replying to @CopperheadOS @rootkovska and
Like user-uploaded content on Google being used to exploit and then grab Google credentials.
1 reply 0 retweets 0 likes -
Replying to @CopperheadOS @rootkovska and
The same thing applies to apps: the data the attacker wants is often just data that the app instance has.
1 reply 0 retweets 0 likes -
Replying to @CopperheadOS @rootkovska and
Ideal for stuff like document editors/readers is no direct access to persistent user data at all.
1 reply 0 retweets 1 like -
Replying to @CopperheadOS @rootkovska and
i.e. how Android's content providers work. Provide only temporary access based on user input.
2 replies 0 retweets 1 like
and disposable VMs in Qubes :)