"I agree with Microsoft's assessment that WebGL is a severe security risk. The gfx driver culture is not the culture of security."

~ https://twitter.com/ID_AA_Carmack/statuses/81732190949486592
As I said in another thread, aren't these security points all applicable to JOGL running in a Java applet? Therefore if they are exploitable, they probably already are being exploited, and therefore implementing WebGL does not add any new attack vectors. Am I wrong?

An interesting question would be "If all these security concerns were resolved, would Microsoft then implement WebGL?". Then, I guess, the answer is still no, because WebGL is based on OpenGL and not DirectX.
I've posted in the other threads about this, but when I read this: "The security of WebGL as a whole depends on lower levels of the system, including OEM drivers, upholding security guarantees they never really need to worry about before."

I can't help but wonder: if those drivers are so buggy, why isn't this a high priority to fix? It would probably be easier for hackers to attack other things due to the wide range of drivers, but if the security claims against WebGL are real, then escalation of privileges on any OS is a question of breaking the GPU driver.

I find that to be a big issue even with WebGL not in the picture.
Why not use the existing trust model in IE, as applied to ActiveX? Give users the option to trust WebGL on sites like Mr.doob and block it pending the user's explicit permission on untrusted sites.
It may well be true, but it's a little odd (to someone who has only ever had one Windows computer) to hear them say things like "in a way that we consider to be overly permissive" and "relies too heavily on third parties to secure the web experience". Take "web" out of this, and it's exactly the feelings we had about XP security.

Do they have a non-proprietary alternative? The closest thing I can think of is WPF, which is based on DirectX.
Maybe if they had a sane security model for the browser this wouldn't be an issue? I have to believe the Chrome team is thinking this, given how the browser puts each renderer into a sandboxed process... but maybe MS doesn't want to do that because of how much they've HW accelerated?