Slashdot Mirror


Chrome Throws Flash Into the Sandbox

wiredmikey writes "Google announced today that it will be extending Chrome's sandboxing technology to include the Flash Player plug-in. 'Sandboxing' technology is a method of isolating an application from the rest of the operating system and tightly controlling its resources. According to Google, the new sandboxing feature adds an additional layer of protection and will help protect users against malicious pages that attempt to hijack systems or steal information from the system."

8 of 109 comments

  1. Apple has the ultimate Flash sandbox by wjousts · · Score: 5, Funny

    You have to run it on a completely different machine. Can't get much more secure than that.

  2. By announced "today", you mean December 1st? by VGPowerlord · · Score: 4, Informative

    In case you missed it, the Chromium Blog talked about this in their December 1st blog entry.

    --
    GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
  3. Not really important to me by gman003 · · Score: 4, Interesting

    After all, I already run Chrome itself in a sandbox. Firefox, too. Why?

    Pretty much every exploit now begins with "the user visits a website". After that, pretty much any technology can be the hole it exploits - Java, Flash, PDF viewing, even JPEG rendering has been exploited. There's an abundance of targets. The modern browser is just too big a platform to secure completely. So, I don't trust any browser more modern than Lynx.

    1. Re:Not really important to me by carkb · · Score: 4, Informative

      Even Lynx is too 'modern'. Check this exploit: http://www.vupen.com/english/advisories/2010/2042

  4. Re:Dupe by wiredmikey · · Score: 4, Informative

    Yes, they mentioned it earlier, today it appears to actually be in action and built into the latest beta of the product.

  5. LOL by Captain+Splendid · · Score: 2

    As an admitted fan of the iOS line, that was comedy gold. Here's hoping the butthurt fanbois don't have mod points today.

    --
    Linux, you magnificent bastard, I read the fucking manual!
  6. Re:Flex apps? by KublaiKhan · · Score: 3, Interesting

    Some of the applications are glorified bookmarks; others--the 'plugins'--extend functionality of the browser itself.

    For instance, there's a plugin that provides an interface to the system's ping, ping6, traceroute, traceroute6, whois, and a couple of other net-centric functions. It includes some friendly interfacing, and it's smart enough to grab the current tab's URL as the target when invoked.

    If the 'plugin' functionality could invoke a flash app, that would work well for more complex programs, and would be helpful for ChromeOS installations--corporate users could invoke custom corporate clients, for instance.

    --
    In Xanadu did Kubla Khan
    A stately pleasure dome decree
  7. Re:Back in the day... by perrin · · Score: 2

    Unfortunately, Linux in this respect is not a "Modern OS". The ability to sandbox user applications is extremely poorly developed. I have been looking at portable sandboxing lately, and it is a horrible nightmare. The Chrome developers created some fancy hacks for each OS, and they have pulled it off quite nicely, but they remain hacks, not elegant designs.

    The platform with the best current sandboxing API is, ironically, Windows Vista/7, with their configurable integrity levels. An API dubbed "Seatbelt" is being developed on Mac OS X, but it is still in its barely-can-walk infancy, and the Chrome devs used undocumented parts of the API to make it all work.

    On Linux there is a set of competing security modules for the kernel, with SELinux being the most used. Unfortunately, not only do some distros not use it, but a lot of users who have it disable it immediately (or set it to permissive mode, which from a sandboxing point of view is the same thing). And SELinux is a horrible beast to program for. It is insanely complex, and has non-existent documentation on how to use it to confine user programs.

    What is needed is some generally agreed upon extension to POSIX on how to easily allow a user process to drop privileges it does not need. One experimental OS I looked at once (VSTa) had the ability for all users to create subgroups to their GID by adding more numbers. If your UID.GID was 500.500, you could create a new directory owned by 500.500.2, and allow the process owned by 500.500.2 access only to this directory (some documentation on this is still up at http://www.vsta.org:8080/VSTa_2fDocumentation_2fCapabilities). I wish some similar, dead-simple scheme could be created for Linux that ordinary users could understand themselves. Only a dedicated security elite could possibly wrap their heads around the SELinux rules -- everyone else just turns it off as soon as it gets in the way.