Commit 279d9f4c authored by Tom Sepez's avatar Tom Sepez Committed by Chromium LUCI CQ

Add section to security faq about open debugger ports.

Bug: chromium:1129358
Change-Id: Iee01b1df931cd5dcf63cf378ac504d68ea4cbf75
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2565736Reviewed-by: default avatarAdrian Taylor <adetaylor@chromium.org>
Reviewed-by: default avatarChris Palmer <palmer@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#832012}
parent 0d5ea018
...@@ -220,11 +220,15 @@ computer. ...@@ -220,11 +220,15 @@ computer.
<a name="TOC-Why-aren-t-compromised-infected-machines-in-Chrome-s-threat-model-"></a> <a name="TOC-Why-aren-t-compromised-infected-machines-in-Chrome-s-threat-model-"></a>
## Why aren't compromised/infected machines in Chrome's threat model? ## Why aren't compromised/infected machines in Chrome's threat model?
This is essentially the same situation as with physically-local attacks. The Although the attacker may now be remote, the consequences are essentially the
attacker's code, when it runs as your user account on your machine, can do same as with physically-local attacks. The attacker's code, when it runs as
anything you can do. (See also [Microsoft's Ten Immutable Laws Of your user account on your machine, can do anything you can do. (See also
[Microsoft's Ten Immutable Laws Of
Security](https://web.archive.org/web/20160311224620/https://technet.microsoft.com/en-us/library/hh278941.aspx).) Security](https://web.archive.org/web/20160311224620/https://technet.microsoft.com/en-us/library/hh278941.aspx).)
Other cases covered by this section include leaving a debugger port open to
the world, remote shells, and so forth.
<a name="TOC-What-about-unmasking-of-passwords-with-the-developer-tools-"></a> <a name="TOC-What-about-unmasking-of-passwords-with-the-developer-tools-"></a>
## What about unmasking of passwords with the developer tools? ## What about unmasking of passwords with the developer tools?
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment