One of the defining features of Google’s Chrome web browser is its sandboxing feature. You probably won’t realise it’s there, but from a security point of view, sandboxing is one of the most important factors in browser security, as it severely limits the amount of damage a security hole can do: sure, you’ve got a hole in the browser, but thanks to sandboxing, you’re pretty much locked in – until you break out of the sandbox, of course. Sandboxing on the Windows variant of Chrome was a “complicated affair”, says Chromium developer Jeremy Moskovich, but for the Mac version, it’s all a bit easier and more straightforward. On Linux, however, it’s a mess.
If you browse through the Chromium source code, you’ll find the code relating to Windows sandboxing in the /sandbox directory in the source tree, and it consists of about 100 files. For Linux, Moskovich explains, the situation is a mess because there are several different mechanisms available, and each distribution (of course…) ships with a different mechanism – or none at all. “Finding a mechanism that is guaranteed to work on end-user’s machines is a challenge,” Moskovich adds. The wiki page for Chromium sandboxing on Linux details various mechanisms they’re considering – for now, Chrome on Linux does not do sandboxing.
On the Mac OS X side of things, the situation looks a lot brighter. The operating system’s sandboxing APIs are “easy and straightforward”, and make use of sandbox_init(), “specifying which resources to block for a specific process. In our case we lock down the process pretty tightly. That means no network access, and very limited or no access to files and Mach ports.” After this it gets a bit technical, so to prevent misquoting or errors on my end, I suggest you read the rest of the blog post to get an idea of how it works on Mac OS X.
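To make that Mac OS X lockdown concrete, here is an added example of my own (not Chromium’s code) in which a process restricts itself with sandbox_init() and a profile that denies everything by default, including network access and Mach port lookups, and allows reads only under a few listed directories. The profile rules, the helper names and the directory list are my assumptions, and it assumes macOS; elsewhere apply_profile() only reports ENOSYS.

```c
/* Added example, not Chromium's code: a process locks itself down on macOS
 * with sandbox_init() and an SBPL profile. Assumes macOS; elsewhere
 * apply_profile() just reports ENOSYS so the file still compiles. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#ifdef __APPLE__
#include <sandbox.h>
#endif
/* Write the profile into out; allowed_read is a NULL-terminated list of
 * directory prefixes the process may read. Returns length or -1 if no room. */
int build_profile(char *out, size_t cap, const char *const *allowed_read) {
    int n = snprintf(out, cap,
        "(version 1)\n"
        "(deny default)\n"       /* refuse anything not allowed below */
        "(deny network*)\n"      /* no network access */
        "(deny mach-lookup)\n"); /* no Mach port lookups */
    for (; *allowed_read; ++allowed_read) {
        if (n < 0 || (size_t)n >= cap) return -1;
        n += snprintf(out + n, cap - n,
                      "(allow file-read* (subpath \"%s\"))\n", *allowed_read);
    }
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Apply the profile to the calling process; once applied it cannot be undone. */
int apply_profile(const char *profile) {
#ifdef __APPLE__
    char *err = NULL;
    if (sandbox_init(profile, 0, &err) != 0) {
        fprintf(stderr, "sandbox_init failed: %s\n", err ? err : "unknown");
        sandbox_free_error(err);
        return -1;
    }
    return 0;
#else
    (void)profile; errno = ENOSYS;
    return -1;
#endif
}

int main(void) {
    static const char *const reads[] = { "/System/Library/Frameworks", "/usr/lib", NULL };
    char profile[1024];
    if (build_profile(profile, sizeof profile, reads) < 0) return 1;
    if (apply_profile(profile) != 0) return 1;
    /* From here on, fopen("/etc/passwd", "r") or socket() fails with EPERM. */
    return 0;
}
```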
Again, we see a case where the fragmentation in Linux is a hindrance to companies releasing software for the platform. While Linux’s diversity on all levels is a blessing in that it allows for natural selection and competition, it’s also a curse for developers trying to write an application that can work well on as many distributions as possible.