Below my post about Chrome's sandbox I engaged in a discussion with AlienRancher regarding the function hooking (or 'interception' as Google calls it) really being a security mechanism. I must confess that I really thought it was, and I even liked the idea. But in fact it came out that function hooking is for compatibility purposes only. If a plugin has trouble running in a restricted environment due to problems with limited access to some keys/files, the hooking mechanism can transfer the calls to the browser, and they will be done with browser privileges (of course if a certain rule allows it).
It means that my hook taking off PoC was still OK, but not really needed for anything ;>
Sorry for misinterpreting the whole hooking mechanism then ;>
Links / Blogs
- → dragonsector.pl
- → vexillium.org
- Security/Hacking:
- Reverse Eng./Low-Level:
- Programming/Code:
Posts
- GWGC 2018/19: Winners,
- GWGC 2018/19: Games, Results Livestream,
- Slides/video: C/C++ vs Security!,
- Dragon Sector Update: top1 in 2018 season,
- Gynvael's Winter GameDev Challenge 2018/19,
- Question for my readers - what should I use to write a book?,
- Battle bot competition begins,
- Next stream: Arcane Sector Online tasks from Dragon CTF,
- Teaser Dragon CTF 2018 starts tomorrow!,
- GSGC 2018: Results,
- → see all posts on main page
Add a comment: