Hi all,

Security Engineering has started a project to harden Firefox against attack in 
a post-sandboxed world. It’s early days yet for sandboxing, but conscious of 
the work required, I wanted to raise sandboxing as a topic for discussion, and 
request input towards developing a sandbox security model.

The goal of the hardening project is to make Firefox resilient, even when a 
content process is compromised. Having a restrictive sandbox is not an 
effective security control, if a weak security model or IPC implementation 
flaws lead to privilege escalation. To this end, several efforts are underway:
- Auditing and Testing IPC mechanisms, including:
        - Improving fuzzers to focus on IPC bugs (1320851)
        - Auditing IPC mechanisms (IPDL 1041862, MessageManager 1040184)
- Reviewing Firefox components with respect to sandbox controls

In this latter task, I’ve started documenting the sandbox security model at [1]
& [2]. [2] is very much a work in progress, however. I’ve contacted some groups
directly, but would appreciate any input here. Please seek me out via email, at 
the all hands (Firefox homeroom) and/or attend the combined session we are 
running with the Platform Integration team on Friday 1pm [3].

Thanks,
Paul


[1] https://wiki.mozilla.org/Security/Sandbox/Process_model
[2] https://wiki.mozilla.org/Security/Sandbox/Hardening   WIP, please help!
[3] https://hawaiiallhands2016.sched.org/event/930G/securing-the-sandbox
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
