Martin McKeay over at the Network Security Blog is going to meet the IE7 team and is waiting for proposals regarding the questions he should ask them. Here is mine:
First let me give a little background as I see it, so that if they choose to answer my question (no offense, but if it is as I suspect, they are limited in their freedom of speech regarding this area by NDAs and such) they can do so in the correct context. One of the biggest security advantages of IE7 is the so-called containment wall, which, if I understand correctly, uses the x86/x64 architecture and the Windows NT security system to separate the browser's different tasks into different processes, so that a lower-privilege task can't corrupt the memory of a higher-privilege task. I think that this is a very robust solution which should reduce the attack surface considerably, and I can also appreciate the work that must have gone into slicing up the application into parts.
Now my question would be: is there any real technical reason for which this won't be available under non-Vista versions of Windows? If possible, name at least one API which this feature needs that is not available under non-Vista Windowses. Because all of the mentioned techniques are available on all versions of Windows from Win2K onwards (as, for example, the DropMyRights tool written by Michael Howard demonstrates).
I'm very curious if and what they'll respond, but I have several possible scenarios in my mind: (a) I've misunderstood the feature and it's really more or different from what I've described (moderately possible), (b) this is a marketing move which incorrectly puts revenue generation in front of security (this is my personal opinion, but I don't think they will admit to it), or (c) my question won't be asked at all.
One response to “Picking the brain of the IE7 team”
You can disable safe mode at the directory/application level if you have access to your Apache config.
Use “php_admin_flag safe_mode off” inside a <Directory> container to do this. Note that it can’t be used in an .htaccess file.
The point of doing this is that you can have everything operate under safe mode by default, and only turn it off for a given directory if you really have to (and know what you’re doing).