What is a browser sandbox

Source: Internet
Author: User
Tags java se

What is it

A sandbox is an execution environment that restricts program behavior according to a security policy. In practice, sandbox technology works like this: a suspected virus file is allowed to run fully inside the virtual "sandbox", which records its every action. Once the suspected virus has fully exposed its virus attributes, the sandbox performs a "rollback": the virus's traces and actions are erased and the system is restored to its normal state.

PS: "sandbox" is not Sandboxie; Sandboxie is a professional sandbox software product.

Security Policy

1. You cannot run any local executable program.

2. You cannot read any information from the local computer's file system or write any information to the local computer's file system.

3. You cannot view any information about the local computer except the Java version and a few harmless operating system details. In particular, code in the sandbox cannot see information such as user names, e-mail addresses, and so on.

4. A program that is loaded remotely cannot communicate with any host other than the server it was downloaded from, which is known as the originating host. This rule is often summarized as "remote code can only talk to family". It ensures that the user's internal network resources cannot be probed. (In Java SE 6, a Java Web Start application can connect to other networks, but must get the user's consent.)

Put simply: the code cannot write, cannot read, and cannot look.

What is it for

In Chrome, for example, Chrome uses a multi-process structure with the following types of processes:

1. Main process: Responsible for all resource management and system interaction. The former includes bookmark, cookie, and history management; the latter includes screen drawing, keyboard/mouse input handling, Internet connections, etc. (It does not run in Chrome's sandbox.)

2. Web rendering process: Responsible for all web-related tasks such as HTML parsing, JavaScript execution, image decoding, page layout, and so on. All such processes are forced to run in the sandbox. A rendering process does not (and cannot) interact with the user or the system directly; instead, it sends requests to the main process over IPC (interprocess communication).

3. Plugin process: Each plugin has one such process, which is created and destroyed dynamically. Most current plugins need direct access to operating system resources (the Flash plugin, for example, opens the camera and downloads temporary files to the hard disk), so plugin processes do not run in the sandbox.

4. Extension process: A special web rendering process.

PS: An extension itself can be a web page, which runs in the sandbox once installed, but clicking the extension's button may start additional processes whose operations do not necessarily run in the sandbox.

In summary, only web-related tasks (rendering processes) run in the Chrome sandbox. Chrome's sandbox is built on mechanisms provided by the operating system itself: it uses the relevant OS APIs to restrict a process's permissions, so that, for example, the process cannot access any files, cannot get user input, cannot hook other processes, cannot create child processes, and so on. Chrome's sandbox makes maximum use of these restrictions.

Limitations:
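The renderer/main-process split described above, as an added example (not Chrome's code and not from the original article): a child process uses one OS mechanism, setrlimit(RLIMIT_NOFILE), to give up the ability to open files, and then has to ask the parent over an already-open IPC socket. The function names, the allow-listed path /dev/null and the choice of rlimit are assumptions for illustration; a POSIX system such as Linux is assumed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Broker policy, constructed for this example: the one path a renderer may ask for. */
static const char *ALLOWED = "/dev/null";

/* Sandboxed "renderer": gives up the right to open files, then has to ask the broker. */
static void renderer(int ipc, const char *path) {
    struct rlimit none = {0, 0};
    int err = 0;
    if (setrlimit(RLIMIT_NOFILE, &none) < 0) _exit(2); /* no new descriptors from now on */
    if (open(path, O_RDONLY) < 0) err = errno;         /* direct access attempt fails */
    if (write(ipc, &err, sizeof err) < 0 || write(ipc, path, strlen(path) + 1) < 0) _exit(1);
    _exit(0);                                          /* the open IPC socket still worked */
}

/* Broker ("main process"). Returns 1 = request served, 0 = denied by policy, -1 = error.
   *direct_err receives the errno the renderer got from its own open(). */
int sandbox_request(const char *path, int *direct_err) {
    int sv[2], fd;
    char req[256] = {0};
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { close(sv[0]); renderer(sv[1], path); }
    close(sv[1]);
    ssize_t a = read(sv[0], direct_err, sizeof *direct_err);
    ssize_t b = read(sv[0], req, sizeof req - 1);
    close(sv[0]);
    waitpid(pid, NULL, 0);
    if (a != (ssize_t)sizeof *direct_err || b <= 0) return -1;
    if (strcmp(req, ALLOWED) != 0) return 0;       /* the broker decides, not the renderer */
    if ((fd = open(req, O_RDONLY)) < 0) return -1; /* broker acts on the renderer's behalf */
    close(fd);
    return 1;
}

int main(void) {
    int e = 0;
    int ok = sandbox_request("/dev/null", &e);
    int no = sandbox_request("/etc/passwd", &e);
    printf("allowed=%d denied=%d renderer open(): %s\n", ok, no, strerror(e));
    return 0;
}
```

The broker's policy check is the only thing between the renderer and the file, so anything the main process is willing to do on request lies outside what the sandbox protects.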

1. It mainly guards against malicious code damaging the system, not against many other types of security problems. For example, malicious code can get all the cookies from the main process and send them out through the main process.

2. If the operating system API itself is compromised, Chrome's sandbox is naturally bypassed as well.

3. The plugin process is not protected by the sandbox, so malicious code that exploits plugin vulnerabilities can attack Chrome.

PS: This article is just a note for learning purposes; if anything is wrong, please correct me.
