Chrome on OS X - Browser security done right

Discussion in 'all things UNIX' started by ace55, Jun 4, 2010.

Thread Status:
Not open for further replies.
  1. ace55

    ace55 Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    91
    Chrome, by default, makes use of the built in sandboxing functions of OS X. Take a look: -http://dev.chromium.org/developers/design-documents/sandbox/osx-sandboxing-design

    Very impressive and leaps and bounds above any default install of any browser on any platform. Of course, the same can be accomplished in Linux, but nowhere near as elegantly. As far as I know, AppArmor and SELinux cannot be configured by a running application in order to restrict itself. The most impressive part of all this is how transparent this is to the user and how effective.

    Some relevant code not mentioned in the article: -http://src.chromium.org/svn/trunk/src/chrome/common/sandbox_mac.mm

    Only potential hole I can see is the utility process with the on the fly defined directory for read/write access. I spent a few minutes searching through the source and failed to find out how exactly this variable is defined in code. No reason why it cannot be handled securely, though.
     
    Last edited: Jun 4, 2010
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    And why is this important? How come browser usage is always focused into singularity = security. How about being able to render pages properly or provide a simple and useful interface? How about language support, codecs, accessibility for visually impaired and such?

    All browsers have security done right, more or less. The only important difference is whoever sits in front of it and hammers the keyboard. Nothing software can beat human stupidity. And if you're smart enough to know Chrome or whatever exists, apart from OS default, then you're already 10 light years ahead.

    Mrk
     
Loading...
Thread Status:
Not open for further replies.