[opensource-dev] The Faces Of Client-Side Code
Argent Stonecutter
secret.argent at gmail.com
Sun Mar 7 07:38:39 PST 2010
On 2010-03-07, at 08:20, Carlo Wood wrote:
> On Sat, Mar 06, 2010 at 11:19:43PM -0800, Ricky wrote:
>> Client Plugins
> Ok, although I'd prefer if-- for example-- media plugins run in a
> sandbox;
> think about the recent mention of the quicktime exploit.
The kind of sandbox you can usefully enforce for native code in an
environment like this provides too little protection to justify the
overhead it would require. Leaky sandboxes mostly provide a false
sense of security.
More information about the opensource-dev
mailing list