
Re: [Public WebGL] Proposed change to WebGL spec section 4.2 (Security Origin Restrictions)



On Oct 7, 2010, at 11:14 AM, steve@sjbaker.org wrote:
> Escaping out of the shader sandbox would be an error for the driver
> writers to handle.  nVidia, ATI, Intel, etc have to prevent their shaders
> from doing that - and since they are (mostly) running on highly controlled
> hardware - I don't think we have too much to worry about there.  The only
> place I'd be remotely concerned about that would be with drivers for low
> end hardware where the vertex shader is implemented in CPU software.  But
> even then, that's an issue for the driver writers.  If they write insecure
> drivers - that's their fault and there is absolutely nothing we can do
> about that.  We don't get concerned (at the browser level) about exploits
> in keyboard and mouse drivers...why is graphics any different?

Video card drivers have a history of having bugs that can bring down a machine.

Unlike the majority of drivers, video drivers are required to accept programmatic and user content that is highly complex and then change their behaviour based on that input.  Historically this content has been "trusted", e.g. it comes from software that people have deliberately placed on their computer and run.  WebGL is the first real instance of a specification that intends to (effectively) throw 100% untrusted content at these drivers.

In summary: video drivers have had serious bugs in the past, even when running content that is trusted and expected to work; WebGL will be the first thing to openly expose them to arbitrary untrusted content that will attempt to break them.

--Oliver

