[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Public WebGL] Proposed change to WebGL spec section 4.2 (Security Origin Restrictions)

Actually, I think that this texture access pattern attack could be
detected by tracking variable use. Only allow untainted texture coords
in texture2D, mark variable as tainted if it is the lvalue of an
_expression_ with a tainted rvalue or a texture2D call.

This is insufficient, you'd also have to block control flow based on tainted values.  And tainted texture fetches in vertex shaders.  And then I'm still not confident.

-- Kenneth Waters