canmove, Confirmed users
1,220
edits
Security/Sandbox/Process model: Difference between revisions
Security/Sandbox/Process model (view source)
Revision as of 02:54, 14 November 2018
, 14 November 2018→Parent process: update parent process details
Ptheriault (talk | contribs) (→Process Model: Update intro) |
Ptheriault (talk | contribs) m (→Parent process: update parent process details) |
||
| Line 4: | Line 4: | ||
For sandboxing to be an effective security control, Firefox is split into parent and child processes, such that the child processes responsible for running untrusted content can be restricted to limit damage in the event of compromise. The [https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Multiprocess_Firefox Electrolysis project] enabled moving parsing and execution of web content to a content process - and sandboxing is based off this process model. In general a child process is untrusted, and intended to run remote content. Each child process has a sandbox that prevents access to all but necessary system resources. The main focus of the sandbox project are child processes called "Web Content processes" - processes which parse and execute web content. However Firefox currently also makes use of several other types of sandboxed child process, and more are planned for future improvement. Below is a description of various processes used in Firefox. | For sandboxing to be an effective security control, Firefox is split into parent and child processes, such that the child processes responsible for running untrusted content can be restricted to limit damage in the event of compromise. The [https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Multiprocess_Firefox Electrolysis project] enabled moving parsing and execution of web content to a content process - and sandboxing is based off this process model. In general a child process is untrusted, and intended to run remote content. Each child process has a sandbox that prevents access to all but necessary system resources. The main focus of the sandbox project are child processes called "Web Content processes" - processes which parse and execute web content. However Firefox currently also makes use of several other types of sandboxed child process, and more are planned for future improvement. Below is a description of various processes used in Firefox. | ||
=== Parent | === Chrome process (Parent) === | ||
The Chrome (or | The Chrome (or "parent", "main" or "master) process - is named for where the browser’s “chrome” or UI is run - is the trusted process which controls interaction with the underlying operating system. The parent process is not sandboxed and has regular access to operating system in order to access files, devices and network resources as part of regular browser use. As such, this process should only ever run trusted code - all untrusted web content should be processed in a child process. The parent acts as a broker for privileged resource requests from the various child processes, mediating access to os resources - the checks which the parent applies prior to granting access to a resource are a critical part of the sandbox model (otherwise the child could ask the parent for a sensitive resource and bypass any sandbox restrictions). | ||
=== Web Content Process === | === Web Content Process === | ||