[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FD] Mozilla extensions: a security nightmare
Time to unsubscribe from Bugtraq. I follow that list to be informed of vulnerabilities, not to get spammed by fighting ego's. Get a life.
Chief Information Security Officer
From: Steve Friedl [mailto:steve@xxxxxxxxxxx]
Sent: vrijdag 7 augustus 2015 8:17
To: 'Stefan Kanthak'; 'Mario Vilas'
Cc: 'bugtraq'; 'fulldisclosure'
Subject: RE: [FD] Mozilla extensions: a security nightmare
> Posting on top because that's where the cursor happens to be is like
sh*tt*ng in your pants because that's where your *ssh*l* happens to be!
Here, let me fix this for you:
> "I don't expect to be taking seriously by any technical community"
From: Stefan Kanthak [mailto:stefan.kanthak@xxxxxxxx]
Sent: Thursday, August 06, 2015 12:33 PM
To: Mario Vilas
Cc: bugtraq; fulldisclosure
Subject: Re: [FD] Mozilla extensions: a security nightmare
"Mario Vilas" <mvilas@xxxxxxxxx> wrote:
> W^X applies to memory protection, completely irrelevant here.
I recommend to revisit elementary school and start to learn reading!
| JFTR: current software separates code from data in virtual memory and
| uses "write xor execute" or "data execution prevention" to
| prevent both tampering of code and execution of data.
| The same separation and protection can and of course needs to be
| applied to code and data stored in the file system too!
> Plus you're saying in every situation when a user can overwrite its
> own binaries in its own home folder it's a bug
Again: learn to read!
| No. Writing executable code is NOT the problem here.
| The problem is running this code AFTER it has been tampered.
| (Not only) Mozilla but does NOT detect tampered code.
> - that would make every single Linux distro vulnerable whenever you
> install some software in your own home directory that only you can use.
# mount /home -onoexec
> If you're talking about file and directory permissions it makes sense
> to talk about privilege escalation.
> But I don't think you really understand those security principles
> you're citing. For example, can you give me an example of an attack
The attack vector is OBVIOUS, exploitation is TRIVIAL.
> Also, take a chill pill. Your aggressive tone isn't really helping you
> at all.
Posting on top because that's where the cursor happens to be is like sh*tt*ng in your pants because that's where your *ssh*l* happens to be!