Multiprocess and sandboxing design: PALEMOON BROWSER AT A CROSSROADS.

New Tobin Paradigm
Knows the dark side
Posts: 3807
Joined: Tue Oct 09, 2012 7:37 pm

Re: Multiprocess and sandboxing design: PALEMOON BROWSER AT A CROSSROADS.

Post by New Tobin Paradigm » Sat Mar 18, 2017 8:24 pm

Everything the main process can do, the sub-processes can do. The sandboxing you are mentioning applies to exactly what and how the processes can intercommunicate with each other. As for powers granted to content scripting vs chrome scripting, that is a different matter. Though in an e10s setup it would need to obey interprocess communication. But the processes talking to each other is not the same as the process talking to the system or the aforementioned powers granted to content and chrome.

Basically, your facts are uncoordinated.
[ T O B I N W A V E ]

Moonchild
Pale Moon guru
Posts: 19943
Joined: Sun Aug 28, 2011 5:27 pm
Location: 58.5°N 15.5°E

Re: Multiprocess and sandboxing design: PALEMOON BROWSER AT A CROSSROADS.

Post by Moonchild » Sat Mar 18, 2017 11:53 pm

Web content (web pages) operates in a separated environment inside the browser by design. This is essential for any web browser.
Without going into the technicalities of containers and wrappers, you can simply say that every website runs in its own individual sandbox. No, scripts won't have access to the file system. If that were possible then any malicious website could openly read all your files, overwrite your data, or install software without you being any wiser.

The "perceived security" of web content running in its own process is assuming that this sandboxing mechanism fails or even worse, so people don't have to develop security-aware systems to contain page content because the process it runs in is (supposed to be) a restricted process (that in itself is also a fallacy because the elaborate communication between main process and content process has no guarantee of being flawless either, although it may make things slightly less straightforward once a script breaks out of its web content context). This is once again fighting a symptom, not the cause -- and assuming that the browser code isn't or can't be made secure on its own. Similar to assuming the browser would be crash-y. It follows the same vein there, focusing on picking up the pieces rather than preventing things from breaking to begin with.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.
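To make the trust-boundary point in the post above concrete: in a multiprocess design the privileged side has to validate every message it receives from the content side, because a script that has escaped its web-content context can put anything on the channel. The following is an added example, not Pale Moon or Mozilla code; the Broker class, the allowlisted operations, the cache root and the sample messages are all constructed for illustration. It models a broker/content-process IPC channel and shows the checks the broker has to perform before it acts on a request.

```python
import json
from dataclasses import dataclass
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Constructed values for this example: the only tree the (hypothetical)
# content process may read, and the operations the broker is willing to serve.
CACHE_ROOT = PurePosixPath("/profile/cache")
ALLOWED_OPS = {"read_cache", "fetch"}
ALLOWED_SCHEMES = {"http", "https"}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    resource: str = ""


class Broker:
    """Privileged side of the channel. It trusts nothing the content side says
    and keeps an audit trail so refused requests can be surfaced for detection."""

    def __init__(self) -> None:
        self.audit: list[Decision] = []

    def handle(self, raw: bytes) -> Decision:
        # 1. Parse defensively; a compromised content process can send anything.
        try:
            msg = json.loads(raw.decode("utf-8"))
        except (UnicodeDecodeError, ValueError):
            return self._record(Decision(False, "malformed message"))
        if not isinstance(msg, dict) or msg.get("op") not in ALLOWED_OPS:
            return self._record(Decision(False, "operation not in allowlist"))
        # 2. Dispatch only to explicitly allowlisted operations.
        if msg["op"] == "read_cache":
            return self._record(self._check_read(msg.get("path")))
        return self._record(self._check_fetch(msg.get("url")))

    def _check_read(self, path) -> Decision:
        if not isinstance(path, str) or not path or "\x00" in path:
            return Decision(False, "bad path argument")
        rel = PurePosixPath(path)
        # An absolute path or any '..' component would let the request leave the cache tree.
        if rel.is_absolute() or ".." in rel.parts or not rel.parts:
            return Decision(False, "path escapes cache root")
        return Decision(True, "ok", str(CACHE_ROOT / rel))

    def _check_fetch(self, url) -> Decision:
        if not isinstance(url, str):
            return Decision(False, "bad url argument")
        parts = urlsplit(url)
        # file:, resource:, chrome: and friends must never be reachable from content.
        if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
            return Decision(False, "scheme not allowed")
        return Decision(True, "ok", url)

    def _record(self, d: Decision) -> Decision:
        self.audit.append(d)
        return d


def content_request(broker: Broker, op: str, **args) -> Decision:
    """Unprivileged side: serialises a request the way a content process would
    put it on the wire. Everything past this point is the broker's problem."""
    return broker.handle(json.dumps({"op": op, **args}).encode("utf-8"))


def run_demo() -> list[tuple[str, bool]]:
    """Sends one benign request per operation plus a few that a script which has
    broken out of its web-content context might try; returns (label, allowed) pairs."""
    broker = Broker()
    cases = [
        ("read cache file", content_request(broker, "read_cache", path="img/logo.png")),
        ("traversal out of cache", content_request(broker, "read_cache", path="../prefs.js")),
        ("absolute path", content_request(broker, "read_cache", path="/profile/cache/x")),
        ("file: URL", content_request(broker, "fetch", url="file:///profile/key3.db")),
        ("https fetch", content_request(broker, "fetch", url="https://example.org/")),
        ("unlisted op", content_request(broker, "write_file", path="x")),
    ]
    results = [(label, d.allowed) for label, d in cases]
    results.append(("garbage bytes", broker.handle(b"\xff\xfe not json").allowed))
    return results


if __name__ == "__main__":
    for label, allowed in run_demo():
        print(f"{'ALLOW' if allowed else 'DENY ':5} {label}")
```

The design choice worth noting is that the broker never reasons about what the content side "should" be asking for; it decides purely from an allowlist of operations and arguments it can verify itself, and records every decision so that a burst of refused requests from one content process is visible to whoever is watching the logs.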

smolnyn
Apollo supporter
Posts: 37
Joined: Fri Jan 13, 2017 9:15 pm
Location: Pinerolo, Torino, Italia

Re: Multiprocess and sandboxing design: PALEMOON BROWSER AT A CROSSROADS.

Post by smolnyn » Sun Mar 19, 2017 1:08 am

Moonchild wrote: Web content (web pages) operates in a separated environment inside the browser by design. This is essential for any web browser.
Without going into the technicalities of containers and wrappers, you can simply say that every website runs in its own individual sandbox. No, scripts won't have access to the file system. If that were possible then any malicious website could openly read all your files, overwrite your data, or install software without you being any wiser.

The "perceived security" of web content running in its own process is assuming that this sandboxing mechanism fails or even worse, so people don't have to develop security-aware systems to contain page content because the process it runs in is (supposed to be) a restricted process (that in itself is also a fallacy because the elaborate communication between main process and content process has no guarantee of being flawless either, although it may make things slightly less straightforward once a script breaks out of its web content context). This is once again fighting a symptom, not the cause -- and assuming that the browser code isn't or can't be made secure on its own. Similar to assuming the browser would be crash-y. It follows the same vein there, focusing on picking up the pieces rather than preventing things from breaking to begin with.

Thank you so much for the all-inclusive and light shows :)

smolnyn
Apollo supporter
Posts: 37
Joined: Fri Jan 13, 2017 9:15 pm
Location: Pinerolo, Torino, Italia

Re: Multiprocess and sandboxing design: PALEMOON BROWSER AT A CROSSROADS.

Post by smolnyn » Sun Mar 19, 2017 1:17 am

Matt A Tobin wrote: Everything the main process can do, the sub-processes can do. The sandboxing you are mentioning applies to exactly what and how the processes can intercommunicate with each other. As for powers granted to content scripting vs chrome scripting, that is a different matter. Though in an e10s setup it would need to obey interprocess communication. But the processes talking to each other is not the same as the process talking to the system or the aforementioned powers granted to content and chrome.

Basically, your facts are uncoordinated.

Forgive my ignorance, but I cannot understand your explanation. Could you re-explain it in the simplest way for me? Thanks for the kindness. :oops: :)

New Tobin Paradigm
Knows the dark side
Posts: 3807
Joined: Tue Oct 09, 2012 7:37 pm

Re: Multiprocess and sandboxing design: PALEMOON BROWSER AT A CROSSROADS.

Post by New Tobin Paradigm » Sun Mar 19, 2017 5:02 am

Moonchild said what I was thinking. His post obsoletes mine.
[ T O B I N W A V E ]

smolnyn
Apollo supporter
Posts: 37
Joined: Fri Jan 13, 2017 9:15 pm
Location: Pinerolo, Torino, Italia

Re: Multiprocess and sandboxing design: PALEMOON BROWSER AT A CROSSROADS.

Post by smolnyn » Sun Mar 19, 2017 1:05 pm

Matt A Tobin wrote: Moonchild said what I was thinking. His post obsoletes mine.

Is an exploit able to get to the contents of the hard drive by the method described in the article that this link points to?
https://en.wikipedia.org/wiki/Blackhole_exploit_kit

If not, then is the only likely thing for a user's browser the reading of cookies and bookmarks or, at worst, keylogging activity?

smolnyn
Apollo supporter
Posts: 37
Joined: Fri Jan 13, 2017 9:15 pm
Location: Pinerolo, Torino, Italia

Re: Multiprocess and sandboxing design: PALEMOON BROWSER AT A CROSSROADS.

Post by smolnyn » Sun Mar 19, 2017 1:38 pm

smolnyn wrote:
Matt A Tobin wrote: Moonchild said what I was thinking. His post obsoletes mine.

Is an exploit able to get to the contents of the hard drive by the method described in the article that this link points to?
https://en.wikipedia.org/wiki/Blackhole_exploit_kit

If not, then is the only likely thing for a user's browser the reading of cookies and bookmarks or, at worst, keylogging activity?

If that is so then, in my ignorance, I think that sandboxing processes follows the path of a more commercial "requirement" in the "war of the browsers" rather than a real need for the technical security of users' personal data, ignoring the problem of navigation tracking through scripts, which did not bother me much. Could a Linux user then - with due caution - also not worry about using a non-up-to-date browser?

Moonchild
Pale Moon guru
Posts: 19943
Joined: Sun Aug 28, 2011 5:27 pm
Location: 58.5°N 15.5°E

Re: Multiprocess and sandboxing design: PALEMOON BROWSER AT A CROSSROADS.

Post by Moonchild » Sun Mar 19, 2017 10:02 pm

Off-topic:
"Blackhole exploit kit" is just a collective name for a number of individual exploits against older/obsolete or not-updated software with known vulnerabilities.
This "kit" focuses on using those vulnerabilities to drop trojans and other malware on a user's system. Delivering this malware can be difficult, and an updated, secure browser will prevent this. Depending on the vulnerabilities exploited and the prevalence and severity of these vulnerabilities, any browser that is not current or not updated can pose a risk.
That has, however, absolutely nothing to do with this topic of multiprocess/sandboxing and is more a question of general software security.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.
