Hacker News

Perhaps. Perhaps not. As a thought experiment:

How long would it be safe to go without browser updates with a browser of complexity/capabilities of links, if 50% of people used it?

With many people combing through it, would it become effectively unexploitable?



Probably not very long. Even with a small attack surface, if half the world uses it, the zero-days are valuable. Links is still vulnerable to

* application-layer attacks (it is still an HTTP client and HTML parser, and the protocols themselves are complicated to implement soundly, even if the newest features aren't included)

* protocol attacks (is links immune to buffer-overruns triggered by intentionally-malformed queries? Probably not, since it has no total-soundness verification. And the source code isn't open-source so )

* dependency attacks (it uses svgalib [https://www.cvedetails.com/vulnerability-list/vendor_id-84/p...], and every third-party library is a potential attack vector)

* good old-fashioned UI spoofing (is links' UI design immune to allowing web pages to show an image that tricks the user into thinking they're looking at the links UI itself?)

In this thought experiment, any successful attack has massive value so we can expect bad actors to be hammering on the system and finding most such exploits available on the application.


> .. source code isn't open-source ..

Not sure what you mean, but then what is this: http://links.twibright.com/download/

> In this thought experiment, any successful attack has massive value so we can expect bad actors to be hammering on the system and finding most such exploits available on the application.

Precisely, and because of that, with 50% of people using it, an orders-of-magnitude smaller attack surface and a mostly fixed feature set (you could at least have an LTS version), just how many vulnerabilities are there to find? How many man-years of work until there is nothing¹ left to find? Do you think that just any code has exploitable vulnerabilities, you just need to look hard enough? And with each fix, you can repeat that ad nauseam?

With the current browser development efforts, would we end up with a 100% formally verified browser, including its dependencies, networking, and maybe even relevant parts of a Linux kernel?

Judging by the change log[2], links is currently developed by 1 developer and occasional contributions.

¹ Nothing of sufficient importance, frequency and lack of reasonable mitigations like not clicking on browser look-alikes, server-side CSRF protections, etc.

[2] http://links.twibright.com/download/ChangeLog



