|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Andreas Beck (becka
uni-duesseldorf.de)Date: Tue Jun 11 2002 - 10:03:37 CDT
Tom <tomlemuria.org> wrote:
> > Is this really a mozilla bug?
> It's a bug in X that becomes remote-exploitable through mozilla.
Ack. If X can be crashed by an application, X is at fault. We all know, that
there are "legal" ways to make X unuseable (xlock e.g.), but actually
crashing the X server should never happen, as a faulty application may cause
data loss in correct applications this way. Not what we expect in a Unix
environment.
> > (a) Fix every app to disallow font sizes bigger then <maxvalue>
> > (b) Fix XFS to return an error code to the calling application
> > when requested font size is greater then configured <maxvalue>
> > Personally i would go for b.
> Personally, I would go for both, with a limitation on a, namely that
> apps that accept remote data (i.e. mozilla) should definitely do some
> checking on that data before handing it to the local system (i.e. X).
Right. Applications that accept untrusted data have a special responsibility
to canonicalize them in order to protect the underlying system from the
possible side effects. No matter if the underlying system _should_ be able
to cope with them.
However that does not mean, the bug in the lower layers may remain there.
Also note, that - as I already reported to Tom in PM - not all X servers
are affected. I tested the example sites using Mozilla 1.0RC2 on an XGGI
server which is based on rather old X-consortium code IIRC and the expected
effects did not show up.
CU, Andy
-- Andreas Beck | Email : <becka
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]