Hi all, Security Engineering has started a project to harden Firefox against attack in a post-sandboxed world. It’s early days yet for sandboxing, but conscious of the work required, I wanted to raise sandboxing as a topic for discussion, and request input towards developing a sandbox security model.
The goal of the hardening project is to make Firefox resilient, even when a content process is compromised. Having a restrictive sandbox is not an effective security control if a weak security model or IPC implementation flaws lead to privilege escalation. To this end, several efforts are underway:

- Auditing and testing IPC mechanisms, including:
  - Improving fuzzers to focus on IPC bugs (1320851)
  - Auditing IPC mechanisms (IPDL 1041862, MessageManager 1040184)
- Reviewing Firefox components with respect to sandbox controls

In this latter task, I’ve started documenting the sandbox security model at [1] & [2]. [2] is very much a work in progress however.

I’ve contacted some groups directly, but would appreciate any input here. Please seek me out via email, at the all hands (Firefox homeroom) and/or attend the combined session we are running with the Platform Integration team on Friday 1pm [3].

Thanks,
Paul

[1] https://wiki.mozilla.org/Security/Sandbox/Process_model
[2] https://wiki.mozilla.org/Security/Sandbox/Hardening (WIP, please help!)
[3] https://hawaiiallhands2016.sched.org/event/930G/securing-the-sandbox

_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform