On Fri, Aug 24, 2007 at 11:25:49AM +0100, Richard Lewis wrote:
On Friday 24 August 2007 11:03:49 Dan Hatton wrote:
And when it checks if it's already running, it checks under an application ID determined by the -a option given on the command line.
The fact that this happens at all, though, means that an x client running on machine A can tell an x client running on machine B to open a new tab/window pointing at a URL chosen by the client on machine A - even though the x server may be on A or B, or indeed on a third machine C. Does anyone have a view as to the security implications of this?
Given that you've given it access to your display and handed it a shiny cookie on a plate, I don't see that as a security risk - you've granted it the permissions it requires, it's just using straight off xlib calls to check and call (IIRC).
Of course, there's nothing stopping you from taking the source of firefox and stopping this silly behaviour... while you're at it, if you can fix the memory leaks too, that'd be *great*!
Excellent: another (good) reason not to use Firefox.
Konqueror ftw ;-)
Except Konqueror sucks just as hard and uses the crappy Qt toolkit. Mix in the fact that it's not just a web browser but a nasty file manager and we appear to have gone back to around 1998 with IE4 and Windows 98... "yay"?
God I wish there was a browser that actually had: (a) decent css support (b) a fast (and accurate) rendering engine (c) no memory leaks (d) no random buffer overflows, segfaults, annoying habits (e) a UI that didn't entirely totally suck
Until that point, I'm sticking with firefox (well, actually, iceweasel in debian, at least there's half a chance that that'll get security updates)...
Ho hum - when will web browsers stop sucking and designers get the opportunity of not having to test a site it 10 million different browsers because they've all got their own quirks and interpretation of the specs - it's not like HTML is a new spec, heck, it's not even like CSS3 is new - and yet, where's the support?
Bah,