Linked by Thom Holwerda on Wed 3rd Jun 2009 11:21 UTC, submitted by Hakime
Google One of the defining features of Google's Chrome web browse is its sandboxing feature. You probably won't realise it's there, but from a security point of view, sand-boxing is one of the most impotant factors in browser security, as it severely limits the amount of damage a security hole can do: sure, you've got a hole in the browser, but thanks to sandboxing, you're pretty much locked in - until you break out of the sandbox, of course. Sandboxing on the Windows variant of Chrome was a "complicated affair", says Chromium developer Jeremy Moskovich, but for the Mac version, it's all a bit easier and more straightforward. On Linux, however, it's a mess.
Thread beginning with comment 366795
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Security
by WereCatf on Wed 3rd Jun 2009 14:09 UTC in reply to "Security"
Member since:

Might I suggest that, in terms of security at least, sandboxing in Chrome on Linux is probably a waste of time and resources? Read any sampling of a dozen OSNews comments to see the same old (and mostly true) security arguments trotted out before you, but the only benefit I can see to sandboxing in a Linux web browser would be isolating plugins and tabs from eachother so our pathetic excuse for a Flash plugin causes less headaches when it crashes - and I'm not even sure if that's called "sandboxing", or if it is, if it's the same context!

So, your argument for not using sandboxing is that it's hard to get root user account even if something breaks out of the browser? Well, that's a REALLY poor argument. The most valuable information on any computer is the users' files and if anything breaks out of the browser it doesn't need root account to read any of the users' files.

Reply Parent Score: 7

RE[2]: Security
by boldingd on Wed 3rd Jun 2009 15:56 in reply to "RE: Security"
boldingd Member since:

I agree completely. If we, the community of Linux users, want to smugly brag about our platform's excelent security, then it really should support (and support easily!) powerful techniques for limiting the damage that can be done by compromising one of the OS's weakest points, as far as security is concerned. It's a good point that I really don't want someone who compromises my browser to be able to read my files (or, for that matter, to check in on my browser's cached data, or peek at what's going on in other tabs, since I do, for example, my banking on-line).

Reply Parent Score: 0

RE[3]: Security
by Moredhas on Wed 3rd Jun 2009 21:26 in reply to "RE[2]: Security"
Moredhas Member since:

Sorry, I posted that well past my bed time ;) . Trying to sound eloquent, I came off looking like more of an idiot than usual. I wasn't thinking of browser cache or flash cookies and such. I'm surprised sandboxing should be so hard in Linux though...

Reply Parent Score: 2

RE[2]: Security
by zombie process on Wed 3rd Jun 2009 17:09 in reply to "RE: Security"
zombie process Member since:

How did you get that out of the OP's argument? I didn't get much at all from it, but I didn't see anything about root, etc.

Reply Parent Score: 2