Is Firefox a Good Thing?
Andy Green
andy at warmcat.com
Fri Oct 13 20:51:21 UTC 2006
Christopher Aillon wrote:
> The kernel has more vulnerabilities[1] than this user-space application
> does. Let's reconsider having that in the distro, too.
With respect this is not a good response to my question. How many
kernel problems are remote-exploitable? Does the kernel of itself visit
random external "scripts" on the Internet and execute what it finds
there? No. But a browser is designed to do such actions. If we really
do talk about code of such complexity that "MASSIVE changes which took
several architects months to perfect, and it STILL caused 10-20
regressions" it's a lot more frightening to hear that about usermode
code that exists to go out to a potentially hostile Intenet on behalf of
a logged-in user than it is to hear the same about a kernel where the
vast bulk of vulns are local only. Objectively, looking at your
description of security fixes on the beast, shouldn't people take pause
at a creature that is so complex and poorly understood, but is our main
proposed way of interfacing to the good and evil of the external world?
-Andy
More information about the fedora-devel-list
mailing list