rwatson / chromium-capsicum

Capsicum enhancements to Google's Chromium web browser

Home Page: http://www.cl.cam.ac.uk/research/security/capsicum/

License: BSD 3-Clause "New" or "Revised" License

Chromium-Capsicum README
------------------------

Chromium-Capsicum is an adaptation of Google's Chromium web browser to use
FreeBSD's Capsicum capability security primitives.  This allows renderers
(and, in the future, other components) to execute in tightly-controlled
sandboxes without the complex access-control manipulations required when
using traditional OS APIs.  This should lead to more complete and more
robust protection with significantly lower code complexity.

Capsicum is a research project at the University of Cambridge Computer
Laboratory, and sponsored by Google, Inc.  Learn more at:

  http://www.cl.cam.ac.uk/research/security/capsicum/

WARNING:

  This is a research prototype, and should be used with caution.

TODO:

- Teach process management code about process descriptors...
- ...allowing the Zygote to run cap_enable() out of EnterSandbox() rather
  than the renderer out of EnableSandbox().
- Fix closing of file descriptors when going from zygote to renderer in order
  to avoid leaking undesired rights into sandboxes.
- Encapsulate desired file descriptors for renderers in constrained
  capabilities.
- Consider switching back to SOCK_DGRAM from SOCK_SEQPACKET, as it appears
  only to be required because of limitations of the sandboxing models
  available on Linux.
- Consider re-enabling X11 SHM and adding explicit copying from the POSIX
  SHM segments.
- Determine whether chrome data packs are actually required in sandboxes,
  either as file descriptors or as memory mappings, and remove if not; they
  are currently wrapped in capabilities but perhaps are not needed at all.

Longer-term considerations:

- Use libcapability to launch sandboxes.
- Delegate font directory capabilities to fontconfig rather than using a
  proxy service.
- Extend X11 to support POSIX shared memory so that a single segment can be
  shared between {X11, browser, renderer} as is done with X11 SHM today when
  unsandboxed.
- Explore additional process sandboxing present in the Mac / Windows models
  but not supported on Linux.
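The TODO items above describe one procedure: when the zygote forks a renderer, close every inherited descriptor the renderer should not have, wrap the descriptors it does need in capabilities carrying only the rights it needs, and then enter capability mode. The following C program is an added example written for this page; it is not code from chromium-capsicum. The function names (close_unwanted_fds, enter_renderer_sandbox, demo_fd_hygiene) and the choice of rights are this example's own assumptions. The descriptor-hygiene part is plain POSIX and runs anywhere; the Capsicum calls (cap_rights_init, cap_rights_limit, cap_enter, all from FreeBSD's sys/capsicum.h) are compiled only on FreeBSD, and on other systems enter_renderer_sandbox reports ENOSYS.

```c
/* Added example, not part of chromium-capsicum.  Shows the launcher-side
 * sequence: drop stray descriptors, limit the kept ones, enter capability
 * mode.  Function names and rights sets are assumptions for illustration. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

#ifdef __FreeBSD__
#include <sys/capsicum.h>   /* FreeBSD 10+ only */
#endif

/* Return non-zero if fd is in the caller's allowlist. */
static int fd_allowed(int fd, const int *keep, size_t nkeep) {
    for (size_t i = 0; i < nkeep; i++)
        if (keep[i] == fd) return 1;
    return 0;
}

/* Close every descriptor above stderr that is not in the allowlist, so an
 * inherited socket or profile file cannot leak rights into the sandbox.
 * Returns the number of descriptors actually closed. */
int close_unwanted_fds(const int *keep, size_t nkeep) {
    long maxfd = sysconf(_SC_OPEN_MAX);
    if (maxfd < 0) maxfd = 1024;           /* conservative fallback */
    int closed = 0;
    for (int fd = 3; fd < maxfd; fd++) {
        if (fd_allowed(fd, keep, nkeep)) continue;
        if (close(fd) == 0) closed++;      /* EBADF for unused slots is fine */
    }
    return closed;
}

/* Restrict the kept descriptors to the rights a renderer needs, then enter
 * capability mode.  After cap_enter(), syscalls that consult a global
 * namespace (open(), socket(), ...) fail with ECAPMODE.  Returns 0 on
 * success, -1 with errno set otherwise. */
int enter_renderer_sandbox(int ipc_fd, int datapack_fd) {
#ifdef __FreeBSD__
    cap_rights_t rights;
    /* IPC channel: exchange messages and poll it, nothing else. */
    cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_EVENT);
    if (cap_rights_limit(ipc_fd, &rights) < 0) return -1;
    /* Data pack: read-only access, read-only mapping, seek and fstat. */
    cap_rights_init(&rights, CAP_READ, CAP_MMAP_R, CAP_SEEK, CAP_FSTAT);
    if (cap_rights_limit(datapack_fd, &rights) < 0) return -1;
    return cap_enter();
#else
    (void)ipc_fd; (void)datapack_fd;
    errno = ENOSYS;                        /* no Capsicum on this platform */
    return -1;
#endif
}

/* Portable self-check: open two descriptors, keep one, confirm the other is
 * gone.  Returns 0 on success, a small positive code for the failing step. */
int demo_fd_hygiene(void) {
    int keep_fd = open("/dev/null", O_RDONLY);
    int stray_fd = open("/dev/null", O_RDONLY);
    if (keep_fd < 0 || stray_fd < 0) return 1;
    int keep[1] = { keep_fd };
    if (close_unwanted_fds(keep, 1) < 1) return 2;    /* stray_fd must go */
    if (fcntl(keep_fd, F_GETFD) == -1) return 3;       /* kept fd survives */
    if (fcntl(stray_fd, F_GETFD) != -1 || errno != EBADF) return 4;
    close(keep_fd);
    return 0;
}

int main(void) {
    if (demo_fd_hygiene() != 0) {
        fprintf(stderr, "descriptor hygiene check failed\n");
        return 1;
    }
    /* Stand-in for the zygote/renderer channel and a data pack. */
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv) < 0) { perror("socketpair"); return 1; }
    int pack = open("/dev/null", O_RDONLY);
    int keep[2] = { sv[1], pack };
    close_unwanted_fds(keep, 2);          /* also drops the browser-side end sv[0] */
    if (enter_renderer_sandbox(sv[1], pack) < 0) { perror("enter_renderer_sandbox"); return 1; }
#ifdef __FreeBSD__
    if (open("/etc/passwd", O_RDONLY) < 0 && errno == ECAPMODE)
        printf("in capability mode: open() refused with ECAPMODE\n");
#endif
    return 0;
}
```

On FreeBSD the program ends in capability mode and reports that open() is refused; elsewhere it stops at enter_renderer_sandbox with "Function not implemented", which is the honest result since the descriptor-closing step is the only part that is portable. Rights are deliberately listed per descriptor rather than copied from a default set, because any right not in the list is what the renderer cannot regain after cap_enter().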
