Chrome Sandboxing: Easy on Mac OS X, a Mess on Linux

One of the defining features of Google’s Chrome web browser is its sandboxing. You probably won’t realise it’s there, but from a security point of view, sandboxing is one of the most important factors in browser security, as it severely limits the amount of damage a security hole can do: sure, you’ve got a hole in the browser, but thanks to sandboxing, you’re pretty much locked in – until you break out of the sandbox, of course. Sandboxing on the Windows variant of Chrome was a “complicated affair”, says Chromium developer Jeremy Moskovich, but for the Mac version, it’s all a bit easier and more straightforward. On Linux, however, it’s a mess.

If you browse through the Chromium source code, you’ll find the code relating to Windows sandboxing in the /sandbox directory in the source tree, and it consists of about 100 files. For Linux, Moskovich explains, the situation is a mess because there are several different mechanisms available, and each distribution (of course…) ships with a different mechanism – or none at all. “Finding a mechanism that is guaranteed to work on end-user’s machines is a challenge,” Moskovich adds. The wiki page for Chromium sandboxing on Linux details various mechanisms they’re considering – for now, Chrome on Linux does not do sandboxing.

On the Mac OS X side of things, the situation looks a lot brighter. The operating system’s sandboxing APIs are “easy and straightforward”, and Chrome makes use of sandbox_init(), “specifying which resources to block for a specific process. In our case we lock down the process pretty tightly. That means no network access, and very limited or no access to files and Mach ports.” After this it gets a bit technical, so to prevent misquoting or errors on my end, I suggest you read the rest of the blog post to get an idea of how it works on Mac OS X.
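To make the quoted description concrete, here is an added example (not Chromium’s code, nor from Moskovich’s post) that locks a process down with sandbox_init() using a deny-by-default profile written for this example, then probes whether a network connect and a file create are still allowed. It assumes macOS (the sandbox.h API is Mac-only); on other platforms enter_sandbox() returns ENOSYS and nothing is restricted.

```c
/* Added example, not Chromium's: apply a tight Seatbelt policy via
 * sandbox_init() and probe what it denies. macOS only. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#ifdef __APPLE__
#include <sandbox.h>
#endif

/* Constructed SBPL profile: deny everything not listed (network, Mach lookups,
 * file writes), allow sysctl reads and reading one device file. */
static const char kProfile[] =
    "(version 1)\n"
    "(deny default)\n"
    "(allow sysctl-read)\n"
    "(allow file-read* (literal \"/dev/urandom\"))\n";

/* Returns 0 once the policy is enforced, else an errno value saying why not. */
int enter_sandbox(void) {
#ifdef __APPLE__
    char *err = NULL;
    int rc = sandbox_init(kProfile, 0, &err);   /* flags 0 = raw SBPL string */
    if (rc != 0) { fprintf(stderr, "sandbox_init: %s\n", err); sandbox_free_error(err); }
    return rc == 0 ? 0 : EPERM;
#else
    return ENOSYS;                              /* no Seatbelt on this platform */
#endif
}

/* Outbound TCP connect to loopback: 0 = connected, else errno (EPERM in sandbox). */
int probe_connect(void) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(9) };
    inet_pton(AF_INET, "127.0.0.1", &sa.sin_addr);   /* constructed target: discard port */
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return errno;
    int rc = connect(fd, (struct sockaddr *)&sa, sizeof sa) == 0 ? 0 : errno;
    close(fd);
    return rc;
}

/* Create a file for writing: 0 = allowed (file removed again), else errno. */
int probe_create(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return errno;
    close(fd);
    unlink(path);
    return 0;
}
```

Call the probes once before and once after enter_sandbox(): on a Mac the second pair comes back EPERM, which is exactly the “no network access, and very limited or no access to files” behaviour the post describes.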

Again, we see a case where the fragmentation in Linux is a hindrance to companies releasing software for the platform. While Linux’s diversity on all levels is a blessing in that it allows for natural selection and competition, it’s also a curse for developers trying to write an application that can work well on as many distributions as possible.

I personally tested the recent Mac builds of Chromium on my Intel Mac (PPC is not supported because the V8 JavaScript engine isn’t available for PPC), and while it rendered pages just fine, it was still full of bugs and crashed constantly. My guess is that any final release for the Mac is still a way off, with the Linux version taking even longer.
