[10.5] Consider using the Mac OS X Sandbox for improved security

Status: RESOLVED DUPLICATE of bug 925570
Severity: enhancement
Reported: 12 years ago
Last modified: 5 years ago
Reporter: u49640 (Unassigned)
Version: Trunk
Hardware: All
OS: macOS
Points: ---
Firefox Tracking Flags: (Not tracked)
Attachments: 1 attachment

Description (Reporter, 12 years ago)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4

The Apple page says
"Sometimes hackers try to hijack an application to run malicious code. Sandboxing helps ensure that applications do only what they’re intended to by restricting which files they can access, whether they can talk to the network, and whether they can be used to launch other applications. Helper applications in Leopard — including the network time daemon and the Spotlight indexer — are sandboxed to guard against attackers."

IMO it would be interesting to use this sandbox feature for Firefox on Mac OS X 10.5. (And probably on Windows Vista too)

This could limit the impact of security issues.

btw: no idea if this is the correct Component.

Reproducible: Always


Comment 1 (12 years ago)

I think bug 266533 is the equivalent for Windows Vista.
Is this something that would need to happen on the application front-end, or would this be something that would happen in Core (and therefore Seamonkey and Camino would get it for free)?

Or some combination of both?
Confirming as a valid RFE.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Consider using the Mac OS X 10.5 Sandbox for improved security → [10.5] Consider using the Mac OS X Sandbox for improved security

I don't think this is what you think it is.

As I recall from WWDC, this is only used for background daemon apps -- it's similar to a chroot jail, to use *NIX terminology. Running inside this would break all sorts of things, if it's even possible.

While reading the following document I cannot see a reason why the sandbox mode could be useful:

http://developer.apple.com/documentation/Darwin/Reference/ManPages/man3/sandbox_init.3.html#//apple_ref/doc/man/3/sandbox_init

The amount of available restrictions is too short and Firefox needs everything from the list.

Does Apple provide another API which could be used?
Hardware: Macintosh → All
Version: unspecified → Trunk

Comment 6 (10 years ago)

Apparently Google found Leopard's sandbox API to be very easy to work with:
http://blog.chromium.org/2009/06/google-chrome-sandboxing-and-mac-os-x.html

If I am not mistaken, they just request all the resources needed for a process up-front and then enable sandbox, which prevents further access to system resources, but still allows the process to access any resources already owned.

Extensive changes needs to be made to Gecko to fully utilize the sandboxing facilities of OS X and other OSes, but a useful first step would be to spawn browser plugins into separate processes, which will not only protect users against exploits in components not under Mozilla's control, but also eliminate most browser crashes. Besides browser plugins, SpiderMonkey should also be sandboxed.

Comment 7 (10 years ago)

This bug depends on bug 478976
Users seem to have estimated the time as too long ...

Run Firefox in a protected sandbox
http://www.macosxhints.com/article.php?story=20100318044558156

This is a base policy for the sandbox. I am attaching another one based on the above but tested on my setup (many plugins) and on the following web pages:
- google map
- Adobe flash page
- misc tabs ...

Bug: can't create new window ...

Logs are available in the Mac OS Console under "all messages" from sandboxd.
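An added example, not the attachment from this bug or the policy from the macosxhints article: a deny-by-default Seatbelt profile of the kind comment 7 describes, written in the profile language that sandbox-exec and sandbox_init consume. It applies the approach comment 6 attributes to Chrome (list the resources the process needs up-front, refuse everything else) and turns on denial logging so the sandboxd lines in Console show which rule is still missing. Assumed: Firefox installed at /Applications/Firefox.app, profile data under $HOME/Library/Application Support/Firefox, HOME passed in with -D; the mach service names are illustrative.

```scheme
;; Added example, not the bug's attachment: deny-by-default Seatbelt profile.
;; Assumptions: Firefox bundle at /Applications/Firefox.app, profile data under
;; $HOME/Library/Application Support/Firefox, HOME supplied with -D HOME=...
(version 1)

;; Weak form, shown for contrast: permit everything, the sandbox changes nothing.
;; (allow default)

;; Hardened form: every operation not listed below is refused ...
(deny default)
;; ... and every refusal is logged, so sandboxd lines in Console.app name the
;; operation and path that still need a rule (cf. "can't create new window").
(debug deny)

;; Process-level resources the browser asks for up-front.
(allow process-fork)
(allow process-exec (subpath "/Applications/Firefox.app"))
(allow sysctl-read)
(allow signal (target self))
(allow ipc-posix-shm)

;; Read-only access to the OS, frameworks, plug-ins and the bundle itself.
(allow file-read-metadata)
(allow file-read*
  (subpath "/System")
  (subpath "/usr/lib")
  (subpath "/usr/share")
  (subpath "/Library/Frameworks")
  (subpath "/Library/Internet Plug-Ins")
  (subpath "/Applications/Firefox.app")
  (literal "/dev/urandom")
  (literal "/dev/null"))

;; Writes only where browser state lives; the rest of $HOME stays off limits.
(allow file-read* file-write*
  (subpath (string-append (param "HOME") "/Library/Application Support/Firefox"))
  (subpath (string-append (param "HOME") "/Library/Caches/Firefox"))
  (subpath (string-append (param "HOME") "/Downloads"))
  (regex #"^/private/tmp/")
  (literal "/dev/null"))

;; Networking is the browser's job, so it stays open; nothing else does.
(allow network*)

;; Mach services needed to draw windows; illustrative names, extend from the log.
(allow mach-lookup
  (global-name "com.apple.system.logger")
  (global-name "com.apple.system.notification_center")
  (global-name "com.apple.windowserver.active"))
```

Launch with `sandbox-exec -f firefox.sb -D HOME="$HOME" /Applications/Firefox.app/Contents/MacOS/firefox-bin` (binary name as in that era's bundle; assumed) and add allow rules only for the operations the sandboxd log actually reports as denied.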

Comment 11 (8 years ago)

Any news on this front, especially concerning the current stagnation of

firefox-mac-pdf
https://addons.mozilla.org/en-US/firefox/addon/7518
http://code.google.com/p/firefox-mac-pdf

and concerning the new approach on

https://wiki.mozilla.org/Show_PDF_inline
https://wiki.mozilla.org/PDF.js
https://wiki.mozilla.org/PDF.js/Planning/1.0

Wouldn't it be worth giving http://code.google.com/p/firefox-mac-pdf a new impulse with one or two developers who can make this so far 32bit-only Add-On also 64bit-capable, since this Add-On is a _working solution_ but limited to 32bit (and the initial developer seems to have retired from this project)?

Comment 12 (5 years ago)

I'm duping this to the sandboxing meta bug since there are a couple of bugs concerning sandboxing on OS X.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 925570