How relevant are these site isolation related problems here?

moonbat
Knows the dark side
Posts: 4942
Joined: 2015-12-09, 15:45

How relevant are these site isolation related problems here?

Unread post by moonbat » 2021-11-22, 02:07

This article from June talks about how Firefox's sandboxing to achieve site isolation is full of holes compared to Chrome's more mature setup. How relevant are these problems to Pale Moon? Given that, as I understand from Moonchild's posts on the topic, running a separate process for each browser tab and relying on IPC from the operating system to interact with them results in more complicated code and a bigger surface for exploits.
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

Linux Mint 21 Xfce x64 on HP i5-5200 laptop, 12 GB RAM.
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX

Moonchild
Pale Moon guru
Posts: 35473
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: How relevant are these site isolation related problems here?

Unread post by Moonchild » 2021-11-22, 08:18

Big phat N/A because sandboxing and site isolation in this context applies solely to multi-process browsing, and in particular multi-process browsing where rendering is off-loaded to a shared renderer process that isn't local to the content process but still uses shared memory for different content. Whether that is a separate GPU process or a "master" process is irrelevant as long as it's a different process that can be observed through a side channel.
As for other mitigations discussed, we (obviously) implement CORB as an integral part of our SOP, and require content-type matching; we mitigated fine clock granularity way before Mozilla did; background tabs are throttled which prevents pretty much all cross-tab side-channel speculation (although that has been a side effect of necessary performance considerations when running single-process, something that was generally dropped on the floor when going multi-process); isolated content containers are obviously a thing in any multi-document browser or it would be totally insecure to use.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
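A simplified Cross-Origin Read Blocking decision of the kind Moonchild refers to (protected content types, honouring `nosniff`, confirming the label against the body), as an added example written for this thread; it is not Pale Moon's implementation, and the header and body values are constructed.

```javascript
// Simplified CORB classifier (illustration only, not Pale Moon's code).
// Content types whose bodies must never reach a cross-origin script/image/
// font/style consumer, because they can carry per-user data.
const PROTECTED_TYPES = [
  /^text\/html$/, /^text\/xml$/, /^application\/xml$/, /\+xml$/,
  /^application\/json$/, /^text\/json$/, /\+json$/, /^text\/plain$/,
];

// Strip parameters (charset etc.) and normalise case.
function baseType(contentType) {
  return (contentType || '').split(';')[0].trim().toLowerCase();
}

function isProtectedType(type) {
  if (type === 'image/svg+xml') return false; // legitimately loaded as an image
  return PROTECTED_TYPES.some((re) => re.test(type));
}

// Cheap sniff: does the start of the body look like the claimed type?
// text/plain is only protected when it actually resembles HTML/XML/JSON.
function bodyLooksLike(type, bodyStart) {
  const s = (bodyStart || '').trimStart();
  if (type === 'text/html') return /^<(!doctype|html|head|body|script|div)/i.test(s);
  if (type.endsWith('xml')) return s.startsWith('<');
  if (type.endsWith('json')) return /^[\[{]/.test(s);
  if (type === 'text/plain') return /^[\[{<]/.test(s);
  return false;
}

// Decide whether a cross-origin response body may be handed to the consumer.
// request: { crossOrigin, destination, headers, bodyStart } (constructed input).
function corbDecision({ crossOrigin, destination, headers, bodyStart }) {
  if (!crossOrigin || destination === 'document' || destination === 'iframe') {
    return { blocked: false, reason: 'same-origin or navigation' };
  }
  const type = baseType(headers['content-type']);
  const nosniff = (headers['x-content-type-options'] || '').trim().toLowerCase() === 'nosniff';
  if (!isProtectedType(type)) return { blocked: false, reason: `unprotected type ${type}` };
  if (nosniff) return { blocked: true, reason: `nosniff with protected type ${type}` };
  if (bodyLooksLike(type, bodyStart)) return { blocked: true, reason: `body confirms ${type}` };
  return { blocked: false, reason: `label ${type} not confirmed by body` };
}
```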
