今天看来Ryan对Charlie Miller的采访。这位老兄刚刚在CanSecWest上的黑客大赛上攻陷了Safari浏览器。
采访的全文可以参见:
http://blogs.zdnet.com/security/?p=2941
采访中最有意思的一个话题是:
Why Safari? Why didn’t you go after IE or Safari?
It’s really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for exploit to work), Macs don’t do. Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows.
It’s more about the operating system that the (target) program is running on. Firefox on Mac is pretty easy too. The underlying OS doesn’t have anti-exploit stuff built into it.
With my Safari exploit, I put the code into a process and I know exactly where it’s going to be. There’s no randomization. I know when I jump there, the code is there and I can execute it there. On Windows, the code might show up but I don’t know where it is. Even if I get to the code, it’s not executable. Those are two hurdles that Macs don’t have.
It’s clear that all three browsers (Safari, IE and Firefox) have bugs. Code execution holes everywhere. But that’s only half the equation. The other half is exploiting it. There’s almost no hurdle to jump through on Mac OS X.
安全问题是一个整体。最终用户的安全与应用程序和其运行操作系统都有关系。