Closed Bug 387248 Opened 17 years ago Closed 10 years ago

[10.5] Consider using the Mac OS X Sandbox for improved security

(Firefox :: Security, enhancement)
(Reporter: u49640, Unassigned)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv: Gecko/20070515 Firefox/
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv: Gecko/20070515 Firefox/

The Apple page says
"Sometimes hackers try to hijack an application to run malicious code. Sandboxing helps ensure that applications do only what they’re intended to by restricting which files they can access, whether they can talk to the network, and whether they can be used to launch other applications. Helper applications in Leopard — including the network time daemon and the Spotlight indexer — are sandboxed to guard against attackers."

IMO it would be interesting to use this sandbox feature for Firefox on Mac OS X 10.5. (And probably on Windows Vista too)

This could limit the impact of security issues.

btw: no idea if this is the correct Component.

Reproducible: Always

Steps to Reproduce:

I think bug 266533 is the equivalent for Windows Vista.
Is this something that would need to happen on the application front-end, or would this be something that would happen in Core (and therefore Seamonkey and Camino would get it for free)?

Or some combination of both?
Confirming as a valid RFE.
Ever confirmed: true
Summary: Consider using the Mac OS X 10.5 Sandbox for improved security → [10.5] Consider using the Mac OS X Sandbox for improved security
I don't think this is what you think it is.

As I recall from WWDC, this is only used for background daemon apps -- it's similar to a chroot jail, to use *NIX terminology. Running inside this would break all sorts of things, if it's even possible.
While reading the following document I cannot see a reason why the sandbox mode could be useful:

The set of available restrictions is too small, and Firefox needs everything on the list.

Does Apple provide another API which could be used?
Hardware: Macintosh → All
Version: unspecified → Trunk
Apparently Google found Leopard's sandbox API to be very easy to work with:

If I am not mistaken, they just request all the resources needed for a process up-front and then enable sandbox, which prevents further access to system resources, but still allows the process to access any resources already owned.

Extensive changes need to be made to Gecko to fully utilize the sandboxing facilities of OS X and other OSes, but a useful first step would be to spawn browser plugins into separate processes, which will not only protect users against exploits in components not under Mozilla's control, but also eliminate most browser crashes. Besides browser plugins, SpiderMonkey should also be sandboxed.
This bug depends on bug 478976
Users seem to have estimated the time too long ...

Run Firefox in a protected sandbox Web Browsers

This is a base policy for the sandbox. I join another one based on the above but tested on my setup (many plugins) and on the following web pages:
- google map
- Adobe flash page
- misc tabs ...

Bug: can't create new window ...

Logs are available in the Mac OS Console under "all messages", from sandboxd.
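For readers who have not seen one, here is an illustrative deny-by-default Seatbelt (SBPL) profile of the kind the comment above describes, written as an added example; it is not the policy attached to this bug, and the paths, Mach service names and other allowances are assumptions that will need adjusting per setup (denials show up in Console from sandboxd when `(debug deny)` is set).

```scheme
;; Added example, not the attachment from this bug. Paths and service
;; names are assumptions. Launch with:
;;   sandbox-exec -f firefox.sb /Applications/Firefox.app/Contents/MacOS/firefox-bin
(version 1)
(deny default)
;; Log every denied operation so Console ("all messages", sandboxd)
;; shows exactly which rule the policy still lacks.
(debug deny)

;; Code and read-only data the process needs.
(allow file-read-metadata)
(allow file-read*
    (subpath "/Applications/Firefox.app")
    (subpath "/System/Library")
    (subpath "/Library/Internet Plug-Ins")
    (subpath "/usr/lib")
    (subpath "/usr/share")
    (literal "/dev/urandom")
    (literal "/dev/null"))
(allow file-write* (literal "/dev/null"))
(allow process-exec (subpath "/Applications/Firefox.app"))

;; The profile, cache and download directories are the only writable
;; locations; the rest of the disk stays denied even if the process
;; is compromised.
(allow file-read* file-write*
    (regex "^/Users/[^/]+/Library/Application Support/Firefox/")
    (regex "^/Users/[^/]+/Library/Caches/Firefox/")
    (regex "^/Users/[^/]+/Downloads/")
    (subpath "/private/tmp"))

;; Browsing needs outbound sockets only; inbound stays denied by default.
(allow network-outbound)

;; Mach services assumed necessary for windows, fonts and the pasteboard.
(allow mach-lookup
    (global-name "com.apple.CoreServices.coreservicesd")
    (global-name "com.apple.windowserver.active")
    (global-name "com.apple.FontServer")
    (global-name "com.apple.pasteboard.1"))
(allow sysctl-read)
(allow ipc-posix-shm)
```

Start from this and widen rules one denial at a time based on the sandboxd log rather than opening whole directory trees.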
Any news on this front, especially concerning the current stagnation of 


and concerning the new approach on

Wouldn't it be worth giving a new impulse with one or two developers who could make this so far 32-bit-only add-on also 64-bit-capable, since this add-on is a _working solution_ but limited to 32-bit (and the initial developer seems to have retired from this project)?
I'm duping this to the sandboxing meta bug since there's a couple of bugs concerning Sandboxing on OS X.
Closed: 10 years ago
Resolution: --- → DUPLICATE