posted by David Adams on Mon 14th Jun 2010 15:05 UTC, submitted by andreas
The Mac OS X sandbox functionality is rarely talked about, and there is almost zero documentation on the subject. Google Chrome uses it to contain its browser processes, so any other app could do the same. The goal of the ironfox project is to provide the user with a sandboxed Firefox while still letting the user browse the web without the sandbox interfering. It does this by white-listing all the actions that Firefox is allowed to perform; anything not on the list is denied. Should the browser be compromised through a vulnerability in Flash or Java, the sandbox would prevent the attacker from reading the user's other files or executing binaries, preventing a full system compromise. To break out of the sandbox the attacker would likely need both an exploit for the browser and a kernel exploit that works within the context of the sandbox. The policy is included in the package and should give the user good insight into the workings of the sandbox. It only works on 10.6 but could be backported to 10.5 without much trouble, as both have the seatbelt/sandbox kernel module.
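To make the white-listing idea concrete, here is a small illustrative Seatbelt profile in the Scheme-like policy language that Mac OS X's sandbox uses. It is an added example written for this page, not ironfox's actual policy (which is considerably longer): the paths, port numbers and the exact filter forms are assumptions chosen for illustration. The structure is the point: everything is denied by default, and each allowed operation is listed explicitly.

```scheme
;; Illustrative Seatbelt profile (added example, not ironfox's real policy).
;; Usage (paths assumed):  sandbox-exec -f firefox.sb \
;;     /Applications/Firefox.app/Contents/MacOS/firefox-bin
(version 1)

;; Log every denied operation to the system log while developing the policy,
;; so that missing white-list entries show up instead of silently breaking things.
(debug deny)

;; White-list model: nothing is permitted unless an (allow ...) rule below says so.
(deny default)

;; Firefox may only execute its own binary; dropping a downloaded payload and
;; running it, or spawning /bin/sh, is refused by the kernel.
(allow process-exec
    (literal "/Applications/Firefox.app/Contents/MacOS/firefox-bin"))

;; Read-only access to the application bundle and the system libraries it links.
(allow file-read*
    (subpath "/Applications/Firefox.app")
    (subpath "/System/Library")
    (subpath "/usr/lib")
    (subpath "/usr/share"))

;; Read and write only inside the Firefox profile and cache directories
;; (home-directory path assumed).  ~/Documents, ~/.ssh and the rest of the
;; home directory are never mentioned, so they stay unreadable.
(allow file-read* file-write*
    (subpath "/Users/example/Library/Application Support/Firefox")
    (subpath "/Users/example/Library/Caches/Firefox"))

;; Outbound web traffic only; no inbound listeners, no other ports.
(allow network-outbound
    (remote ip "*:80")
    (remote ip "*:443"))
```

Two practical notes. First, build such a profile iteratively: run the browser under `(debug deny)`, watch the denials in the system log, and add only the operations the browser genuinely needs, so that the final policy stays tight. Second, the profile governs what the kernel lets the process do; it cannot stop an attacker who already has a kernel exploit that works from inside the sandboxed process, which is exactly why the article above describes a sandbox escape as needing both a browser bug and a kernel bug.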