<html> <head> <base href="https://bugs.freedesktop.org/" /> </head> <body> <div> <a class="bz_bug_link bz_status_NEW " title="NEW - Planetary Anihilation: Titans display content of other processes buffers" href="https://bugs.freedesktop.org/show_bug.cgi?id=91889#c23">Comment # 23</a> on <a class="bz_bug_link bz_status_NEW " title="NEW - Planetary Anihilation: Titans display content of other processes buffers" href="https://bugs.freedesktop.org/show_bug.cgi?id=91889">bug 91889</a> from <a class="email" href="mailto:eirik@eirikba.org" title="Eirik Byrkjeflot Anonsen <eirik@eirikba.org>"> Eirik Byrkjeflot Anonsen</a> <pre>(In reply to almos from <a href="show_bug.cgi?id=91889#c22">comment #22</a>) > (In reply to Eirik Byrkjeflot Anonsen from <a href="show_bug.cgi?id=91889#c21">comment #21</a>) > > > No matter what they shouldn't be able to get that data. I'm starting to > > > think if it's possible to grab that data with OpenGL would it be also > > > possible with WebGL... > > > > It should not be possible with WebGL. One of the things that delayed WebGL's > > general availability was that the specification required that all data shall > > be initialized. This was explicitly mentioned as being a difference from > > other OpenGL specifications due to the different threat models. > > Well, this bug might be an indication that Mesa doesn't initialize all data. Mesa is an OpenGL implementation, not a WebGL implementation, so there is nothing wrong with that. That is, there is nothing in the OpenGL specifications (as far as I know) that says Mesa is doing something wrong. Arguably, this is based on an outdated threat model where local applications are trusted. A more modern understanding of local application security would probably indicate that the threat model should be changed to protect against such information leaks.</pre> </div> <hr> You are receiving this mail because: <ul> <li>You are the QA Contact for the bug.</li> <li>You are the assignee for the bug.</li> </ul> </body> </html>