rwatson / chromium-capsicum
Capsicum enhancements to Google's Chromium web browser
Home Page: http://www.cl.cam.ac.uk/research/security/capsicum/
License: BSD 3-Clause "New" or "Revised" License
Chromium-Capsicum README
------------------------

Chromium-Capsicum is an adaptation of Google's Chromium web browser to use FreeBSD's Capsicum capability security primitives. This allows renderers (and in the future, other components) to execute in tightly-controlled sandboxes without the complex access control manipulations required when using traditional OS APIs. This should lead to more complete and more robust protection with significantly lower code complexity.

Capsicum is a research project at the University of Cambridge Computer Laboratory, and is sponsored by Google, Inc. Learn more at:

http://www.cl.cam.ac.uk/research/security/capsicum/

WARNING: This is a research prototype, and should be used with caution.

TODO:

- Teach process management code about process descriptors...
- ...allowing the Zygote to run cap_enable() out of EnterSandbox() rather than the renderer out of EnableSandbox().
- Fix closing of file descriptors when going from zygote to renderer in order to avoid leaking undesired rights into sandboxes.
- Encapsulate desired file descriptors for renderers in constrained capabilities.
- Consider switching back to SOCK_DGRAM from SOCK_SEQPACKET, as it appears only to be required because of limitations of the sandboxing models available on Linux.
- Consider re-enabling X11 SHM and adding explicit copying from the POSIX SHM segments.
- Determine whether chrome data packs are actually required in sandboxes, either as file descriptors or as memory mappings, and remove them if not; they are currently wrapped in capabilities but perhaps are not needed at all.

Longer-term considerations:

- Use libcapability to launch sandboxes.
- Delegate font directory capabilities to fontconfig rather than using a proxy service.
- Extend X11 to support POSIX shared memory so that a single segment can be shared between {X11, browser, renderer} as is done with X11 SHM today when unsandboxed.
- Explore additional process sandboxing present in the Mac / Windows models but not supported on Linux.
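The descriptor handling the TODO items above call for (closing everything not meant for the renderer before the zygote-to-renderer handoff, then wrapping what remains in constrained capabilities) is sketched here as an added C example; it is not code from the chromium-capsicum tree. It uses the current FreeBSD Capsicum calls cap_rights_limit() and cap_enter() rather than the project's cap_enable() wrapper; the read/mmap rights chosen for the data-pack descriptor and the /dev/null descriptors in the self-check are assumptions, and on non-FreeBSD hosts only the descriptor pruning is compiled.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif

static int in_keep_list(int fd, const int *keep, size_t nkeep) {
    for (size_t i = 0; i < nkeep; i++)
        if (keep[i] == fd) return 1;
    return 0;
}

/* Close every descriptor not in keep[] so nothing inherited from the zygote,
 * and the rights that travel with it, reaches the renderer. Returns the count. */
int close_all_except(const int *keep, size_t nkeep) {
    long maxfd = sysconf(_SC_OPEN_MAX);
    if (maxfd < 0) maxfd = 1024;
    int closed = 0;
    for (long fd = 0; fd < maxfd; fd++)
        if (!in_keep_list((int)fd, keep, nkeep) && close((int)fd) == 0) closed++;
    return closed;
}

/* Prune descriptors, narrow the retained data-pack descriptor to read/mmap
 * rights (an assumed choice), then enter capability mode. Current FreeBSD
 * API names; on other hosts only the pruning is compiled. */
int enter_renderer_sandbox(const int *keep, size_t nkeep, int datapack_fd) {
    (void)datapack_fd;                 /* only used on FreeBSD */
    close_all_except(keep, nkeep);
#ifdef __FreeBSD__
    cap_rights_t rights;
    cap_rights_init(&rights, CAP_FSTAT, CAP_MMAP_R);
    if (cap_rights_limit(datapack_fd, &rights) < 0) return -1;
    if (cap_enter() < 0) return -1;    /* global namespaces are now closed off */
#endif
    return 0;
}

/* Self-check on constructed descriptors: two opens of /dev/null, one kept. */
int sandbox_fd_demo(void) {
    int a = open("/dev/null", O_RDONLY), b = open("/dev/null", O_RDONLY);
    if (a < 0 || b < 0) return -1;
    int keep[] = { STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO, b };
    if (close_all_except(keep, 4) < 1) return -1;
    int b_open = fcntl(b, F_GETFD) != -1;
    int a_gone = fcntl(a, F_GETFD) == -1 && errno == EBADF;
    close(b);
    return b_open && a_gone;
}
```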