Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Graphics Security Technology

WebGL Poses New Security Problems 178

Posted by CmdrTaco from the but-this-time-its-in-three-dee dept.
Julie188 writes "Researchers are warning that the WebGL standard undermines existing operating system security protections and offers up new attack surfaces. To enable rendering of demanding 3D animations, WebGL allows web sites to execute shader code directly on a system's graphics card. This can allow an attacker to exploit security vulnerabilities in the graphics card driver and even inject malicious code onto the system."
This discussion has been archived. No new comments can be posted.

WebGL Poses New Security Problems More

WebGL Poses New Security Problems

Comments Filter:

  • WebGL was always a bad idea (Score:2, Insightful)

    by Anonymous Coward on Tuesday May 10, 2011 @03:45PM (#36086718)
    Now that we finally have sandboxing in browsers they want to let any website run directly code on your hardware. Insane! Just forget the WebGL stuff. Silverlight has direct support for XNA which handles it everything better and safer anyway. Are we also supposed to write WebGL games with notepad? At least XNA games can be written with a solid IDE like Visual Studio. Not only that but the games also work on Xbox360 and mobile phones without such a major porting. What a developers dream...

    Leave my hardware alone and secure!

  • Re:Glad I'm not using Binary Blob drivers (Score:4, Insightful)

    by MrEricSir ( 398214 ) on Tuesday May 10, 2011 @03:55PM (#36086838) Homepage

    Do any FOSS drivers even support shaders?

  • Re:WebGL was always a bad idea (Score:1, Insightful)

    by Anonymous Coward on Tuesday May 10, 2011 @03:57PM (#36086856)

    Silverlight has direct support for XNA
    [snip]
    a solid IDE like Visual Studio.
    [snip]
    Not only that but the games also work on Xbox360 and mobile phones
    [snip]
    Leave my hardware alone and secure!

    Translation: "WebGL is insecure! Use Microsoft products instead!"

    Sorry, I need to stop laughing hysterically before I can post any more.

  • I don't get it (Score:2, Insightful)

    by multi io ( 640409 ) <olaf.klischat@googlemail.com> on Tuesday May 10, 2011 @04:01PM (#36086908)
    So they're saying that enabling shader code execution allows web sites to exploit hypothetical vulnerabilities in the graphics driver? How's that different from saying that enabling Javascript code execution allows web sites to exploit hypothetical vulnerabilities in the Javascript interpreter?

  • I can't wait for Native Client! (Score:5, Insightful)

    by Anonymous Coward on Tuesday May 10, 2011 @04:22PM (#36087118)

    Can anyone remind me why we're putting EVERYTHING in a web browser anyway?

  • Re:I don't get it (Score:4, Insightful)

    by amorsen ( 7485 ) <benny+slashdot@amorsen.dk> on Tuesday May 10, 2011 @04:41PM (#36087332)

    So they're saying that enabling shader code execution allows web sites to exploit hypothetical vulnerabilities in the graphics driver?

    They're not particularly hypothetical. Graphics driver code is such that games programmers carefully work around bugs in order to not crash anything. Imagine if every program running on the main CPU had to carefully avoid certain instruction sequences in order to not crash the system -- would you run a multi-user system on that?

    Then again, that was how it was in the 80's on many time sharing systems...

Slashdot Top Deals

The hardest part of climbing the ladder of success is getting through the crowd at the bottom.

Close