
New Sandbox Framework For Chromium Released 109

Posted by Soulskill
from the spicy-security dept.
Trailrunner7 writes "As applications have become more and more complex in recent years and Web browsers have evolved into operating systems unto themselves, the task of securing desktop environments has become increasingly difficult. And while there's been quite a bit of innovation on Windows security, advances in Unix security have been less common of late. But now, a group of researchers from Google and the University of Cambridge in England have developed a new sandboxing framework called Capsicum, designed specifically to provide better security capabilities on Unix and Unix-derived systems (PDF). Capsicum is the work of four researchers at Cambridge and the framework extends the POSIX API and introduces a number of new Unix primitives that are meant to isolate applications and users and handle rights delegation in a better way. The research, done by Robert N.M. Watson, Ben Laurie, Kris Kennaway and Jonathan Anderson, was supported by Google, and the researchers have added some of the new Capsicum features to a version of Google's Chromium browser in order to demonstrate the functionality."

  • Chromium Browser? (Score:2, Insightful)

    by Flea of Pain (1577213) on Friday August 13, 2010 @04:10PM (#33245130)

    Is this supposed to be the Google Chrome browser? Or do they mean literally a browser in their upcoming OS Chromium?

  • by xMilkmanDanx (866344) on Friday August 13, 2010 @04:16PM (#33245224) Homepage
    The point being sandboxed applications which deal with unknown, insecure content (i.e. the web) can keep said content from affecting anything outside the sandbox.
  • by Anonymous Coward on Friday August 13, 2010 @04:41PM (#33245558)

    I presume that you didn't actually read the API man pages. The interface follows squarely in the footsteps of the Unix design philosophy. No PID semantics are being changed, either. They've introduced process descriptors which, among other things, allow you to poll for process exit. They allow you to attach restrictions to descriptors, presumably so that a broker could open resources (files, sockets), restrict the allowable operations, and then pass them to sandboxed applications over a domain socket. It's all quite simple and powerful and exactly what I would love to see incorporated into POSIX.
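The broker pattern this comment describes (broker opens a resource, restricts the descriptor, delegates it over a Unix domain socket to a process that has given up the global namespace) can be shown end to end. The following is an added example written for this page, not code from the Capsicum paper or from Chromium. It assumes the current FreeBSD Capsicum calls (cap_rights_init/cap_rights_limit and cap_enter from sys/capsicum.h, which replaced the cap_new() of the original paper in FreeBSD 10); on other Unix systems those calls are compiled out and the only restriction left is the O_RDONLY open mode, so the descriptor passing still works but open() by path is not refused. The file content, path template and status bits are constructed for the demo.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>   /* FreeBSD 10+ Capsicum API (assumed available) */
#endif

/* Status bits the sandboxed child reports back to the broker (constructed for the demo). */
#define DEMO_READ_OK        1   /* content was read through the delegated descriptor */
#define DEMO_WRITE_REFUSED  2   /* write through the delegated descriptor was refused */
#define DEMO_PATH_REFUSED   4   /* open() by path was refused (only in capability mode) */

/* Broker side: limit a descriptor to CAP_READ. On FreeBSD this is Capsicum's
 * cap_rights_limit(); elsewhere the only restriction is the O_RDONLY open mode. */
static int limit_to_read(int fd) {
#ifdef __FreeBSD__
    cap_rights_t rights;
    cap_rights_init(&rights, CAP_READ);
    return cap_rights_limit(fd, &rights);
#else
    (void)fd;
    return 0;
#endif
}

/* Sandbox side: enter capability mode so the global namespace (open() by path,
 * connect() by address, ...) is no longer reachable. No-op outside FreeBSD. */
static int enter_sandbox(void) {
#ifdef __FreeBSD__
    return cap_enter();
#else
    return 0;
#endif
}

/* Pass one descriptor over a Unix domain socket using SCM_RIGHTS. */
static int send_fd(int sock, int fd) {
    char byte = 'F';
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg;
    memset(&u, 0, sizeof u);
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof u.buf;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor sent with send_fd(); returns -1 if none arrived. */
static int recv_fd(int sock) {
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg;
    memset(&u, 0, sizeof u);
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof u.buf;
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (cm == NULL || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS) return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}

/* Run the broker/sandbox exchange over a socketpair and return the child's status bits. */
int broker_demo(void) {
    const char *sample = "constructed sample content\n";   /* constructed test data */
    char path[] = "/tmp/capsicum_demo_XXXXXX";          /* constructed temp path */
    int sv[2], tmp = mkstemp(path);
    if (tmp < 0) return 0;
    if (write(tmp, sample, strlen(sample)) < 0) { close(tmp); unlink(path); return 0; }
    close(tmp);
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) { unlink(path); return 0; }

    pid_t pid = fork();
    if (pid == 0) {                          /* sandboxed worker: only what it is handed */
        close(sv[0]);
        int fd = recv_fd(sv[1]);
        if (fd < 0 || enter_sandbox() < 0) _exit(1);
        char buf[64] = {0}, status = 0;
        if (read(fd, buf, sizeof buf - 1) > 0 && strcmp(buf, sample) == 0) status |= DEMO_READ_OK;
        if (write(fd, "x", 1) < 0) status |= DEMO_WRITE_REFUSED;
        if (open(path, O_RDONLY) < 0) status |= DEMO_PATH_REFUSED;
        if (write(sv[1], &status, 1) < 0) _exit(3);
        _exit(0);
    }
    /* broker: open, restrict, delegate, then collect the worker's report */
    close(sv[1]);
    char status = 0;
    int fd = open(path, O_RDONLY);
    if (pid > 0 && fd >= 0 && limit_to_read(fd) == 0 && send_fd(sv[0], fd) == 0)
        if (read(sv[0], &status, 1) != 1) status = 0;
    if (fd >= 0) close(fd);
    close(sv[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    unlink(path);
    return status;
}

int main(void) {
    int s = broker_demo();
    printf("read ok: %d, write refused: %d, path open refused: %d\n",
           !!(s & DEMO_READ_OK), !!(s & DEMO_WRITE_REFUSED), !!(s & DEMO_PATH_REFUSED));
    return (s & DEMO_READ_OK) && (s & DEMO_WRITE_REFUSED) ? 0 : 1;
}
```

On FreeBSD all three bits are set: the worker can read only through the descriptor it was handed, and once in capability mode it cannot reach the same file by name. On Linux the first two bits hold (read works, the read-only descriptor refuses writes) but the path open succeeds, which is exactly the gap the comment says Capsicum closes by attaching rights to descriptors and removing ambient access.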

  • by IamTheRealMike (537420) <mike@plan99.net> on Friday August 13, 2010 @04:41PM (#33245564) Homepage
    Both Android and ChromeOS are based on UNIX but neither expose POSIX as an API, so researching ways to change for the better seems like a good use of time.
  • by iamhigh (1252742) on Friday August 13, 2010 @04:42PM (#33245572)

    Web browsers have evolved into operating systems unto themselves

    Really? I am unaware of a (common) browser that is able to do much more than work with data...

    Let's try to leave the analogies used to educate luddites out of summaries intended for people that *KNOW* the difference between an OS and an application.

  • by wowbagger (69688) on Friday August 13, 2010 @04:57PM (#33245744) Homepage Journal

    Y'know, I'm really glad Google wants to provide a new API for managing security. We need somebody to do this for us - somebody who really knows security, somebody who may as well have security as their middle name [nsa.gov], to come out with an API framework for Mandatory Access Controls [nsa.gov], preferably built right into the operating system kernel of a [fedoraproject.org] major [debian.org] distribution [gentoo.org].

    Yes, I'm really glad Google took the initiative on this.

  • by Anonymous Coward on Friday August 13, 2010 @05:12PM (#33245926)

    ... there's been quite a bit of innovation on Windows security ...

    What? There has? Do you mean the way it now asks me 'Are you sure you want to give this application a chance to destroy your computer? Y/N' and if I say 'No' I can't use the application?
    I mean, if I really want to run that application I have no choice but to click 'Yes' and then if it was a virus after all I'm screwed.
    What I'd want is a way to have more control over the program. Maybe put it in a sandbox and trick it into thinking it's got full privileges even though it's really sandboxed so it won't crash or maybe just set advanced settings for that specific application to disallow it from writing to specific registry/files/network/other process' memory.

  • by Thundersnatch (671481) on Friday August 13, 2010 @05:55PM (#33246462) Journal

    What I'd want is a way to have more control over the program. Maybe put it in a sandbox and trick it into thinking it's got full privileges even though it's really sandboxed so it won't crash or maybe just set advanced settings for that specific application to disallow it from writing to specific registry/files/network/other process' memory.

    Which is... umm... pretty much exactly what Windows Vista, Windows 7, and Windows Server 2008 can do.
