Opened 2 years ago

Closed 2 years ago

#20794 closed task (invalid)

Track what mozilla is doing with their sandboxing efforts.

Reported by: yawning Owned by: yawning
Priority: Medium Milestone:
Component: Archived/Tor Browser Sandbox Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

https://wiki.mozilla.org/Security/Sandbox is where their sandboxing efforts are. The goal of our sandboxing should be to augment such things, and not replace them.

Skimming the Linux stuff it looks like they want to use seccomp-bpf and namespaces *with* USER_NS. Life will get interesting/horrifying once non-USER_NS namespaces enter the picture, but till then, it's probably manageable.

Child Tickets

Change History (2)

comment:1 Changed 2 years ago by cypherpunks

It seems adding non-USER_NS is part of their plan: https://bugzilla.mozilla.org/show_bug.cgi?id=1151624

I'm still a bit disgusted that they go this route, using unprivileged user namespaces, rather than making use of CAP_CHROOT to enter a chroot. I mean that's gotta be among the least dangerous capabilities.

comment:2 Changed 2 years ago by yawning

Resolution: invalid
Status: new → closed

"The goal of our sandboxing should be to augment such things, and not replace them."

Is totally wrong in hindsight. Firefox is untrusted, thus anything that it does, needs to be replicated by something on the host system that is trusted, because Firefox shouldn't be trusted to handle securing itself.
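As an added illustration (not code from this ticket, Tor Browser, or Mozilla): a minimal host-side launcher that combines the two mechanisms the description names, a new user namespace (with mount and net namespaces inside it) and a kill-by-default seccomp-bpf allowlist, and applies them to a child from outside it, in the spirit of comment:2. It assumes x86-64 and a kernel that permits unprivileged user namespaces; the function names are the example's own.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
/* Allow one syscall number; anything not listed falls through to the kill rule. */
#define ALLOW(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
                  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)
/* Kill-by-default allowlist (x86-64 assumed). The arch check comes first:
 * 32-bit ABIs reuse the same syscall numbers with other meanings. */
static struct sock_filter g_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    ALLOW(__NR_write), ALLOW(__NR_exit_group), ALLOW(__NR_exit),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
};
/* Inspect the allowlist without loading it: is syscall nr permitted? */
int filter_allows(long nr)
{
    for (size_t i = 4; i + 1 < sizeof g_filter / sizeof g_filter[0]; i += 2)
        if (g_filter[i].k == (__u32)nr) return 1;
    return 0;
}

/* Host-side setup for the untrusted child: fresh user/mount/net namespaces, no
 * privilege gain, then the allowlist. Returns 0, or -1 with errno set (EPERM
 * where unprivileged user namespaces are disabled). */
int apply_sandbox(void)
{
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof g_filter / sizeof g_filter[0]), .filter = g_filter };
    if (unshare(CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWNET) != 0) return -1;
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int main(void)
{
    int status = 0; pid_t pid = fork();
    if (pid == 0) {                   /* the untrusted side */
        if (apply_sandbox() != 0) _exit(2);
        write(1, "sandboxed\n", 10);  /* on the list; any other syscall is killed */
        _exit(0);
    }
    return waitpid(pid, &status, 0) > 0 && WIFEXITED(status) ? WEXITSTATUS(status) : 1;
}
```

The child exits with 2 when the kernel refuses the namespace setup, which is the expected outcome on hosts that disable unprivileged user namespaces.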
