Wednesday, February 29, 2012

Chrome Linux 64-bit and Pepper Flash

Flash on Linux hasn't always been the best experience in the stability and security departments. Users of 64-bit Linux, in particular, have to put up with NSPluginWrapper, a technology which bridges a 64-bit browser process to the 32-bit Flash library.

In terms of sandboxing, your distribution might slap a clunky SELinux or AppArmor policy on Flash, but it may or may not be on by default.

Given the above, and the fact I'm a 64-bit Linux user, I was really happy to see Chrome's latest dev channel include a native 64-bit Pepper Flash plug-in. What does this mean?

  • Security: sandboxing. Pepper plug-ins run inside Chrome's renderer sandbox. On Linux, this is chroot() and PID namespace based, so Flash in this context has no filesystem access, nor the ability to interfere with other processes.

  • Stability: native 64-bit build. Generally, stability and performance should be better than NSPluginWrapper on account of not having to bounce through an extra layer and process.

  • Security: 64-bit address space. It's harder to heap spray or JIT spray a 64-bit address space. Physical memory will typically run out long before the spray achieves a statistical likelihood of being at any particular memory location.

There are some warts of course. Although it works ok on my Ubuntu box, there are lots of comments on the releases blog which indicate Flash is broken, particularly from Fedora users. There's also an ASLR failure (missing position independent executable) which will be fixed in the next revision.

Overall, though, seems like a promising boost to Linux Flash security is heading towards the Chrome stable channel.