FoxInABox: Difference between revisions

Jump to navigation Jump to search

FoxInABox (view source)

Revision as of 00:34, 12 December 2013

5,659 bytes removed ,  12 December 2013
Replaced content with "This page is retired. Please see Security/Sandbox."
(→‎Who we are: Fix list address.)
(Replaced content with "This page is retired. Please see Security/Sandbox.")
Line 1: Line 1:
[[File:Foxinabox.png|thumb||alt=The fox cannot escape the box.|The fox is safe in the sandbox. The fox cannot escape.]]
This page is retired. Please see [[Security/Sandbox]].
 
= Sandboxing Firefox=
 
This page tracks and explain how sandboxing is being worked on for Firefox (OS, Desktop, etc.)
 
= Status =
 
Tracking bug for desktop Firefox: {{bug|925570}}.
Tracking bug for Firefox OS: {{bug|790923}}.
 
=== Firefox OS / B2G ===
* {{done|Land Library}} {{bug|742434}}
* {{done|Tie in to process model}} {{bug|790923}}
* {{ok|List and prioritize permissions to shut off}}
* {{ok|Burn down permission list}}
* {{ok|implement unit tests for sandbox}}
* {{ok|enable build/test devices (tbpl) to test with sandboxing}}
 
Dependencies (see {{bug|918680}} for details):
<bugzilla>
{
  "status": ["NEW", "UNCONFIRMED", "ASSIGNED", "RESOLVED", "REOPENED"],
  "blocks": "918680",
  "include_fields": "id, summary, status"
}
</bugzilla>
 
Permission Burndown permission list (see http://hg.mozilla.org/mozilla-central/file/40c7c53fe9b0/security/sandbox/seccomp_filter.h for current list):
{| class="wikitable"
|-
| ioctl() || High || Mainly used for GL/Graphics. To be removed or/and argument-filtered, see {{bug|920372}}
|-
| fstat64(), stat64(), access() || Med || Information leak. Tells the process if a file/path exists, and its attributes (inode, etc. See man fstat64)
|-
| getdents64() || Med || Information leak. Lists directories.
|-
| sigprocmask() || Med || Change signals. We don't want signals to be rerouted in general.
|-
| open() || High || FS access: Open files.
|-
| prctl() || Med || Change process attributes, including security relevant bits. Note: when removed, this means no child process can tighten it's whitelist further either.
|-
| unlink() || High || FS access: Delete files.
|-
| getpriority(), setpriority() || Med || Access priority attributes from target processes.
|-
| sched_setscheduler() || Med || Change scheduling policy/params of target processes.
|}
Note: More syscalls could be removed as some of them, while not a direct security issue, may lead to access to a kernel bug, for example, see do_brk()'s CVE-2003-0961)
 
 
 
=== Linux Firefox ===
* {{done|Land Library}} {{bug|742434}}
* {{done|Tie in to process model}}
* {{ok|List and prioritize permissions to shut off}}
* {{ok|Burn down permission list}}
 
Permission burn down list (see {{bug|942695}} for details):
<bugzilla>
{
  "status": ["NEW", "UNCONFIRMED", "ASSIGNED", "RESOLVED", "REOPENED"],
  "blocks": "942695",
  "include_fields": "id, summary, status"
}
</bugzilla>
 
 
=== Windows Firefox ===
* {{done|Land [http://www.chromium.org/developers/design-documents/sandbox Library]}} {{bug|922756}}
* {{ok|Start using library to sandbox e10s processes unrestricted}} {{bug|925571}}
* {{new|Tie in to process model}}
* {{new|List and prioritize permissions to shut off}}
* {{new|Burn down permission list}}
 
Permission List:
* {{ok|Use a separate Windows Desktop within the same Windows Station}} - {{bug|928061}}
* {{ok|Use a separate Windows Station + Desktop}} - {{bug|928055}}
* {{ok|Set low integrity on content processes for Windows sandboxing policy}} - {{bug|928062}}
* more not yet posted
 
=== MacOS X Firefox ===
* {{new|Land Library}} -- {{bug|387248}}
* {{new|Tie in to process model}}
* {{new|List and prioritize permissions to shut off}}
* {{new|Burn down permission list}}
 
Permission List:
{|
|TBD
|}
 
=== Common to all platforms ===
* {{ok|Add a preference to selectively enable/disable content sandboxing}} -- {{bug|928042}}
 
=== Additional Pieces ===
These are some things that we need to attack next (after a basic sandbox).
* GPU remoting (TBD)
* Accessibility support
* Addon support path
* Process Model (evolving? 2? Per-Tab?)
* Incremental tightening plan
* Child process resource limits
* DevTools support
 
= Resources =
== Sandboxing ==
* [[Features/Security/Low_rights_Firefox]] -- {{bug|730956}}
* [https://intranet.mozilla.org/User:Imelven@mozilla.com/Sandboxing Ian's sandboxing page]
* [https://github.com/mozilla/servo/wiki Servo]
* [http://www.chromium.org/developers/design-documents/sandbox Chromium Sandbox]
* [[B2G/Architecture/System_Security/Seccomp|seccomp sandboxing on b2g]]
* [http://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf Apple's Sandbox guide]
 
=== Archived ===
* [https://docs.google.com/document/d/1opnXiB9qSEtqQKABx3A3gQmuzbUjCkxcVqYaRUYF-8I/edit?usp=sharing One page overview]
* [https://docs.google.com/document/d/1q8ZK1eDHOHXB7-chKKdK1cyUl56hTmN7XDUe6pE10hI/edit?usp=sharing FAQ]
* [https://docs.google.com/a/mozilla.com/document/d/1qS4Q1goehqy-55hIQEsEA_XY3lF4xfFColNKQm37KSg/edit?usp=sharing Standing meeting notes]
* [https://docs.google.com/a/mozilla.com/document/d/14E5ERudaZrx-qcOLttXGkV6DgHIyp3h9IZoqnhuO7X8/edit Process Model]
* [https://docs.google.com/a/mozilla.com/document/d/1xkRd6xs_QQtBWdo0IIwjdDOnhTvQTDsyt-t_qR7Sw64/edit Addon Strategy]
* [[FoxInABox/ThingsThatShouldWork]]
 
== Related projects ==
* [[Electrolysis]]
* [[http://billmccloskey.wordpress.com/2013/12/05/multiprocess-firefox/]]
* [[Embedding/IPCLiteAPI]], [https://github.com/tmeshkova/mozilla-central https://github.com/tmeshkova/mozilla-central]
* [http://en.wikipedia.org/wiki/Google_Native_Client Native Client on Wikipedia] - has links to papers on Native Client's design and use of SFI, as well as papers on SFI itself
* [[AMO/Squeaky]], or Make Addons Awesome
 
== How things work ==
* [https://developer.mozilla.org/en-US/docs/IPDL/Tutorial IPDL Tutorial]
* [https://developer.mozilla.org/en-US/docs/DocShell DocShell]
 
= Who we are =
Some folks from the [[SecurityEngineering]] team: briansmith, mmc, keeler, grobinson, ckerschb, sid, and bbondy.
 
* Mailing list: boxing@mozilla.org
* IRC: irc.mozilla.org #boxing
Sidstamm
canmove, Confirmed users
1,537

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/787233"

Navigation menu