
Chrome Throws Flash Into the Sandbox

CmdrTaco posted more than 2 years ago | from the with-a-pail-and-shovel dept.

Google 109

wiredmikey writes "Google announced today that it will be extending Chrome's sandboxing technology to include the Flash Player plug-in. 'Sandboxing' technology is a method of isolating an application from the rest of the operating system and tightly controlling its resources. According to Google, the new sandboxing feature adds an additional layer of protection and will help protect users against malicious pages that attempt to hijack systems or steal information from the system."


109 comments


But I thought (0, Offtopic)

Mesa MIke (1193721) | more than 2 years ago | (#34576028)

that Chrome was "as good as dead"?

Re:But I thought (1)

Geoffrey.landis (926948) | more than 2 years ago | (#34576044)

that Flash was "as good as dead"?

Re:But I thought (1)

Crudely_Indecent (739699) | more than 2 years ago | (#34577256)

Flash, ChromeOS, COBOL....

This is Slashdot - where unless it's tomorrow, it's yesterday.

Re:But I thought (1)

krazytekn0 (1069802) | more than 2 years ago | (#34576062)

I'm assuming they are talking about Chrome the browser not ChromeOS

Re:But I thought (1)

Tubal-Cain (1289912) | more than 3 years ago | (#34583480)

Probably both.

Re:But I thought (0)

Anonymous Coward | more than 2 years ago | (#34576148)

that Chrome was "as good as dead"?

That was ChromeBSD.

Re:But I thought (1)

tehcyder (746570) | more than 3 years ago | (#34585252)

that Chrome was "as good as dead"?

That was ChromeBSD.

Does Netcraft confirm this?

Flex apps? (1)

KublaiKhan (522918) | more than 2 years ago | (#34576042)

That'll be helpful if it supports Flex-framework apps (which it should, given that they run in the flash player).

I've been developing a flex app for the Blackberry Playbook that's coming out in February; the ability to port it to the chrome store without much extra work would be handy.

Re:Flex apps? (1)

Eponymous Coward (6097) | more than 2 years ago | (#34577098)

Maybe you can explain this to me: what's the Chrome store other than a bunch of bookmarks?

Re:Flex apps? (3, Interesting)

KublaiKhan (522918) | more than 2 years ago | (#34577596)

Some of the applications are glorified bookmarks; others--the 'plugins'--extend functionality of the browser itself.

For instance, there's a plugin that allows interface to the system's ping, ping6, traceroute, traceroute6, whois, and a couple of other net-centric functions. It includes some friendly interfacing, and it's smart enough to grab the current tab's URL as the target when invoked.

If the 'plugin' functionality could invoke a flash app, that would work well for more complex programs, and would be helpful for ChromeOS installations--corporate users could invoke custom corporate clients, for instance.

Re:Flex apps? (1)

DragonWriter (970822) | more than 2 years ago | (#34578362)

Maybe you can explain this to me: what's the Chrome store other than a bunch of bookmarks?

It's a curated, annotated list of bookmarks (for installable hosted web apps) and download links (for packaged apps [google.com] ).

Plus, of course, it has functions associated with purchase for non-free apps, and some other features beyond just being a list.

Apple has the ultimate Flash sandbox (5, Funny)

wjousts (1529427) | more than 2 years ago | (#34576060)

You have to run it on a completely different machine. Can't get much more secure than that.

Re:Apple has the ultimate Flash sandbox (1)

zero.kalvin (1231372) | more than 2 years ago | (#34576206)

Or don't run it at all.

Re:Apple has the ultimate Flash sandbox (1)

MobileTatsu-NJG (946591) | more than 2 years ago | (#34576318)

Apple has the ultimate Flash sandbox. You have to run it on a completely different machine.

Why?

Re:Apple has the ultimate Flash sandbox (1)

chispito (1870390) | more than 2 years ago | (#34576668)

Because he is comparing Chrome, a browser that runs on PCs, to IOS devices. I'm not sure why.

Re:Apple has the ultimate Flash sandbox (1)

ocdscouter (1922930) | more than 2 years ago | (#34578630)

Because odds are it'll get rated +5 Insightful?

Re:Apple has the ultimate Flash sandbox (1)

icebike (68054) | more than 2 years ago | (#34579030)

Because he is comparing Chrome, a browser that runs on PCs, to IOS devices.

I'm not sure why.

No, he's comparing running Flash on any other platform vs not running flash at all on IOS.

But I suspect you knew that and were just trolling.

LOL (2)

Captain Splendid (673276) | more than 2 years ago | (#34577562)

As an admitted fan of the iOS line, that was comedy gold. Here's hoping the butthurt fanbois don't have mod points today.

Re:LOL (0)

Anonymous Coward | more than 2 years ago | (#34579328)

Hey, even in fanboi mode I agree with the statement and think it's funny.

I just happen to think it's a *good* thing!

Re:Apple has the ultimate Flash sandbox (0)

Anonymous Coward | more than 2 years ago | (#34579180)

I honestly don't get it

Re:Apple has the ultimate Flash sandbox (0)

Anonymous Coward | more than 3 years ago | (#34584166)

It's so secure, I don't even own an Apple anymore.

Better Score? (1)

cozzbp (1845636) | more than 2 years ago | (#34576104)

This is most likely in response to their poor score in the NSS Labs report [slashdot.org] . Maybe their score will improve from 3%?

Re:Better Score? (1)

Lloyd_Bryant (73136) | more than 2 years ago | (#34576568)

This is most likely in response to their poor score in the NSS Labs report. Maybe their score will improve from 3%?

Er, no. That report evaluated performance against "socially engineered malware" only. In short, it tested how well the browser handled protecting the user from being careless or gullible.

Chrome's sandboxing is intended to limit the damage if an attack is encountered, not to keep the attack from happening by warning you that a given site hosts malware.

Re:Better Score? (0)

Anonymous Coward | more than 2 years ago | (#34578684)

To be even more specific, the test evaluated the signature bases against a set of undisclosed URLs. And to note an odd quirk, the test heavily penalized all other browsers for pushing out signatures for these particular URLs a few hours after IE received its signatures. So, the reality could be that NSS biased their test schedule to coincide the IE signature updates, or they took their URL list from the same source as IE, or something else entirely. So, without actually disclosing their full source data and methodology, we simply have no objective way of concluding anything from that report.

Re:Better Score? (1)

Trailrunner7 (1100399) | more than 2 years ago | (#34576996)

No. This was actually announced 2 weeks ago by Google and Adobe, not today. http://blog.chromium.org/2010/12/rolling-out-sandbox-for-adobe-flash.html [chromium.org]

Re:Better Score? (1)

Enderandrew (866215) | more than 2 years ago | (#34579700)

The day they announced the Chrome browser they said they would work with Adobe toward this goal.

Re:Better Score? (0)

Anonymous Coward | more than 2 years ago | (#34580418)

Plus, Chrome supported semi-working sandboxed Flash for like 6 months, via --safe-plugins.

Back in the day... (0)

Anonymous Coward | more than 2 years ago | (#34576124)

...we called this a "virtual machine".

Re:Back in the day... (1)

adisakp (705706) | more than 2 years ago | (#34577478)

...we called this a "virtual machine".

You don't need a full VM though with a Modern OS. You can run a plug-in as a child process with almost no access privileges and then it has to request minimal (and hopefully secure) access APIs from the host/parent process. This way the plug-in can't directly access file IO without going through an extra layer where it can be scrubbed and gated. Also, since it's running in a different process, it cannot directly access any of the memory through pointers in the host/parent process.
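The broker arrangement described in the comment above, as an added example that is not part of the original thread and not Chrome's code: a child process that cannot open files itself asks its parent over a socket, and the parent checks every path against one allowed directory. `RLIMIT_NOFILE` set to 0 stands in for a real OS sandbox, and the function names, the temporary directory and the one-byte `A`/`D` reply format are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define REQ_MAX 256
enum { DIRECT_OPEN_BLOCKED = 1, BROKER_SERVED = 2, OUTSIDE_DENIED = 4, TRAVERSAL_DENIED = 8 };

/* Broker policy (hypothetical): canonicalise the requested path, then require
 * it to sit strictly inside allowed_dir. realpath() collapses ".." and
 * symlinks, so the prefix test runs on the real location. */
int broker_allows(const char *req, const char *allowed_dir, char *resolved) {
    size_t dlen = strlen(allowed_dir);
    if (realpath(req, resolved) == NULL) return 0;   /* missing file: deny */
    return strncmp(resolved, allowed_dir, dlen) == 0 && resolved[dlen] == '/';
}

/* Parent side: answer one request per read until the child closes its end.
 * Reply is 'A' followed by file bytes, or a lone 'D' for denied. */
static void broker_serve(int sock, const char *allowed_dir) {
    char req[REQ_MAX], reply[REQ_MAX], resolved[PATH_MAX];
    ssize_t n;
    while ((n = read(sock, req, sizeof req - 1)) > 0) {
        size_t len = 1;
        req[n] = '\0';
        reply[0] = 'D';
        if (broker_allows(req, allowed_dir, resolved)) {
            int fd = open(resolved, O_RDONLY | O_NOFOLLOW);
            if (fd >= 0) {
                ssize_t got = read(fd, reply + 1, sizeof reply - 2);
                close(fd);
                if (got >= 0) { reply[0] = 'A'; len = 1 + (size_t)got; }
            }
        }
        if (write(sock, reply, len) < 0) break;
    }
}

/* Child side: send a path, wait for the verdict. Returns 1 allowed, 0 denied. */
static int ask(int sock, const char *path, char *reply, size_t cap) {
    ssize_t n;
    if (write(sock, path, strlen(path)) < 0) return -1;
    n = read(sock, reply, cap - 1);
    if (n <= 0) return -1;
    reply[n] = '\0';
    return reply[0] == 'A';
}

/* The "plug-in": gives up the ability to create file descriptors, then
 * records which of the four expected outcomes it observed. */
static void plugin_child(int sock, const char *dir) {
    struct rlimit none = {0, 0};
    char path[REQ_MAX], reply[REQ_MAX];
    int bits = 0;
    if (setrlimit(RLIMIT_NOFILE, &none) != 0) _exit(0);
    if (open("/etc/passwd", O_RDONLY) < 0) bits |= DIRECT_OPEN_BLOCKED;
    snprintf(path, sizeof path, "%s/cache.txt", dir);
    if (ask(sock, path, reply, sizeof reply) == 1 &&
        strcmp(reply + 1, "cached-data") == 0) bits |= BROKER_SERVED;
    if (ask(sock, "/etc/passwd", reply, sizeof reply) == 0) bits |= OUTSIDE_DENIED;
    snprintf(path, sizeof path, "%s/../../etc/passwd", dir);
    if (ask(sock, path, reply, sizeof reply) == 0) bits |= TRAVERSAL_DENIED;
    _exit(bits);
}

/* Builds a constructed cache directory, runs broker and child, returns the child's bits. */
int run_demo(void) {
    char tmpl[] = "/tmp/broker-demo-XXXXXX", dir[PATH_MAX], file[PATH_MAX + 16];
    int sv[2], status = 0;
    pid_t pid; FILE *f;
    if (!mkdtemp(tmpl) || !realpath(tmpl, dir)) return -1;
    snprintf(file, sizeof file, "%s/cache.txt", dir);
    if (!(f = fopen(file, "w"))) return -1;
    fputs("cached-data", f);
    fclose(f);
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if ((pid = fork()) < 0) return -1;
    if (pid == 0) { close(sv[0]); plugin_child(sv[1], dir); }
    close(sv[1]);
    broker_serve(sv[0], dir);
    close(sv[0]);
    waitpid(pid, &status, 0);
    unlink(file); rmdir(dir);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    int r = run_demo();
    printf("result bits: 0x%x (0xf means every check held)\n", r);
    return r == 0xf ? 0 : 1;
}
```

The broker checks the path and then opens it, which leaves a window between the two steps; a production broker would open first and validate the resulting descriptor, or open relative to a directory descriptor with `openat`.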

Re:Back in the day... (2)

perrin (891) | more than 2 years ago | (#34578244)

Unfortunately, Linux in this respect is not a "Modern OS". The ability to sandbox user applications is extremely poorly developed. I have been looking at portable sandboxing lately, and it is a horrible nightmare. The Chrome developers created some fancy hacks for each OS, and they have pulled it off quite nicely, but they remain hacks, not elegant designs. The platform with the best current sandboxing API is, ironically, Windows Vista/7, with their configurable integrity levels. An API dubbed "Seatbelt" is being developed on MacOSX, but it is still in its barely-can-walk infancy, and the Chrome devs used undocumented parts of the API to make it all work. On LINUX there is a set of competing security modules for the kernel, with SELinux being the most used. Unfortunately, not only do some distros not use it, but a lot of users who have it disable it immediately (or set it to permissive mode, which from a sandboxing point of view is the same thing). And SELinux is a horrible beast to program for. It is insanely complex, and has non-existent documentation on how to use it to confine user programs.

What is needed is some generally agreed upon extension to POSIX on how to easily allow a user process to drop privileges it does not need. One experimental OS I looked at once (VSTa) had the ability for all users to create subgroups to their GID by adding more numbers. If your UID.GID was 500.500, you could create a new directory owned by 500.500.2, and allow the process owned by 500.500.2 only to access this directory (some documentation on this is still up at http://www.vsta.org:8080/VSTa_2fDocumentation_2fCapabilities [vsta.org] ). I wish some similar, dead simple scheme could be created for Linux that ordinary users could understand themselves. Only a dedicated security elite could possibly wrap their heads around the SELinux rules -- everyone else just turns it off as soon as it gets in the way.

Re:Back in the day... (1)

theaceoffire (1053556) | more than 2 years ago | (#34578808)

I think Linux advancement in virtual machines has been advanced fairly recently.

The Android operating system is a linux based OS that runs java virtual machines, every application in a separate machine with their own database.

You have to manually allow interaction between programs... it is quite stable.

Re:Back in the day... (1)

jimicus (737525) | more than 2 years ago | (#34578958)

The platform with the best current sandboxing API is, ironically, Windows Vista/7, with their configurable integrity levels.

They do say that necessity is the mother of invention.

Re:Back in the day... (1)

Enderandrew (866215) | more than 2 years ago | (#34579738)

As opposed to the Unix world where a process can be associated with a user and a group and have fine-grained permissions based on the user and group, and then even more so with AppArmor, SE Linux, etc?

Re:Back in the day... (1)

Anonymous Coward | more than 2 years ago | (#34581268)

NT supports that and more [tinypic.com] . It's just that when you stray from the realm of filesystem and registry object ACLs, it becomes horribly nonintuitive, and things like process-based IPC security are up to the application to enforce (which, except for the 0.01% of programs such as Chrome, they never do enforce).

Though I vastly prefer the SELinux/AppArmor approach of using agglomerate text files for defining rules... but that might be because I'm a part-time programmer.

Re:Back in the day... (0)

Anonymous Coward | more than 2 years ago | (#34580624)

Are you sure that Chromium on Linux went with SELinux? It's been a while since I read anything but I thought its primary sandboxing means was via Google's extension to the Linux kernel, seccomp. How many distros do/don't include seccomp support?

...

Actually I take that back. I just found this page:
http://code.google.com/p/chromium/wiki/LinuxSandboxing [google.com]

Seems Chromium uses either AppArmor or chroot on most distros (though the latter method doesn't provide full tab/plugin/extension isolation).

Re:Back in the day... (1)

drinkypoo (153816) | more than 2 years ago | (#34581458)

What is needed is some simple tool for configuring an SElinux profile based on an application's behavior. A very complicated tool exists but that is not so helpful.

This might be very good, or very bad (1)

Stregano (1285764) | more than 2 years ago | (#34576130)

It would depend on how much in resources is allocated to sandboxing. If this is a static number, then what if the flash is simply a flash banner ad and has resources allocated to it. Now, if the allocation is fully dynamic, this could be very awesome. They would still run into an inevitable problem of not enough resources on the machine, but then again, that is hard to avoid. I truly hope Google is not going to statically allocate resources since that would be bad. I have seriously made a logo for a person in the past using flash. If the resources are static for allocation, then there is a very high chance Google will either allocate too much or too little to something.

Re:This might be very good, or very bad (0)

Anonymous Coward | more than 2 years ago | (#34577798)

I have seriously made a logo for a person in the past using flash.

I hope they paid you in sex, because no Slashdotter will take you seriously if you accepted mere money for committing such an atrocity.

Obvious financial motivations there... (1)

Anonymous Coward | more than 2 years ago | (#34576176)

Google earns money through advertising and wants to serve Flash banners (As doubleclick, which is already owned by Google, does). All new security holes in Flash cause more people to block or at least hate it. By sandboxing Flash in Chrome, Google both encourages people to use its browser and lowers the motivation to block all flash content. A great decision for Google and it happens to benefit the users, too.

(As a freelancer who prefers Chrome as his browser, works mostly in internet advertising and occasionally teaches courses in web development related subjects - including Flash - I'd like to hug the engineers that implement this.)

Re:Obvious financial motivations there... (0)

Anonymous Coward | more than 2 years ago | (#34577672)

(As a freelancer who... works mostly in internet advertising and occasionally teaches courses in web development related subjects - including Flash...)

As an Internet user, I'd like to egg your house.

Re:Obvious financial motivations there... (1)

gtomorrow (996670) | more than 2 years ago | (#34579118)

I'll buy the eggs.

Re:Obvious financial motivations there... (1)

flimflammer (956759) | more than 2 years ago | (#34581140)

Let's do this.

By announced "today", you mean December 1st? (4, Informative)

VGPowerlord (621254) | more than 2 years ago | (#34576196)

In case you missed it, the Chromium Blog talked about this in their December 1st blog entry [chromium.org] .

Re:By announced "today", you mean December 1st? (1)

uncanny (954868) | more than 2 years ago | (#34576478)

Well duh, because it was just announced today that Chrome is going to die anyways!

Re:By announced "today", you mean December 1st? (1)

0x15e (961860) | more than 2 years ago | (#34576934)

It was suggested that Chrome OS is going to die, not Chrome the browser. Even then, it wasn't an announcement. It was a statement made by a former Google employee. Hardly anything official.

Not really important to me (4, Interesting)

gman003 (1693318) | more than 2 years ago | (#34576266)

After all, I already run Chrome itself in a sandbox. Firefox, too. Why?

Pretty much every exploit now begins by "the user visits a website". After that, pretty much any technology can be the hole it exploits - Java, Flash, PDF viewing, even JPEG rendering has been exploited. There's an abundance of targets. The modern browser is just too big a platform to secure completely. So, I don't trust any browser more modern than Lynx.

Re:Not really important to me (4, Informative)

carkb (1344835) | more than 2 years ago | (#34576430)

Even Lynx is too 'modern'. Check this exploit: http://www.vupen.com/english/advisories/2010/2042 [vupen.com]

Re:Not really important to me (1)

Pollardito (781263) | more than 2 years ago | (#34578702)

Even Lynx is too 'modern'. Check this exploit: http://www.vupen.com/english/advisories/2010/2042 [vupen.com]

This is exactly why I manually telnet to each website's port and issue GET requests directly

Re:Not really important to me (1)

ChunderDownunder (709234) | more than 2 years ago | (#34580574)

dude! For online banking, use ssh.

Re:Not really important to me (0)

Anonymous Coward | more than 3 years ago | (#34584478)

While GET is safe, reading response from terminal may be not. It can contain specially crafted control sequences e.g. exploiting vte or xterm vulnerabilities.

Re:Not really important to me (1)

Eponymous Coward (6097) | more than 2 years ago | (#34577164)

pretty much any technology can be the hole it exploits

So, are you saying your sandbox code (which is probably not bug free) could be the source of some fruitful exploits?

Re:Not really important to me (1)

gman003 (1693318) | more than 2 years ago | (#34577330)

Yes. It's had quite a few exploits found and fixed. There's definitely more to be found. I would not trust it to contain a known-malicious program. However, it's an effective barrier when combined with a decently-secure browser like Firefox or Chrome - not only does the "hacker" have to find an exploit in the browser, but in the sandbox as well, making it exponentially more difficult.

Re:Not really important to me (1)

NoSig (1919688) | more than 2 years ago | (#34577770)

not only does the "hacker" have to find an exploit in the browser, but in the sandbox as well, making it exponentially more difficult.

Huh, I'm pretty sure you don't know what exponential means, but you actually by mistake managed to use it in a way that makes a little sense, even if it takes a little creativity to see it. If the probability of being able to find a hole in a given layer is p, and there are n layers to get through (not just 2), and the probabilities are independent, the chance of finding a hole in all of them is p^n. Absurd assumptions, but it still amuses that someone used "exponentially" in a way that almost made sense in this sort of context - first time that I've ever seen that.

Re:Not really important to me (1)

Cryacin (657549) | more than 2 years ago | (#34578120)

You don't get out much, do you?

Re:Not really important to me (1)

NoSig (1919688) | more than 2 years ago | (#34578428)

Your comment's humor derives from thinking that knowledge = low status.

Re:Not really important to me (1)

Cryacin (657549) | more than 2 years ago | (#34581048)

Actually, I'm finding your hubris humorous.

Re:Not really important to me (1)

NoSig (1919688) | more than 2 years ago | (#34581256)

Here's some self-help [merriam-webster.com] . No need to thank me.

Re:Not really important to me (1)

Cryacin (657549) | more than 3 years ago | (#34582698)

Thanks comic book guy! http://en.wikipedia.org/wiki/Comic_Book_Guy [wikipedia.org]

Worscht... link... ever!!!

Re:Not really important to me (1)

NoSig (1919688) | more than 3 years ago | (#34583358)

lol

Re:Not really important to me (1)

gman003 (1693318) | more than 2 years ago | (#34578976)

Actually, people misusing exponential is one of my pet peeves. And yes, that was pretty much exactly what I meant - if there's only one program to exploit, the difficulty is k, if there's two it becomes k^2, and so on.

Re:Not really important to me (1)

NoSig (1919688) | more than 2 years ago | (#34581234)

I'm sorry I said you probably didn't in that case.

Re:Not really important to me (1)

gman003 (1693318) | more than 2 years ago | (#34581264)

It's fine.

Re:Not really important to me (0)

Anonymous Coward | more than 2 years ago | (#34578288)

Stack smashers and nop sleds still take place with text input. Anything taking external input is subject to exploit attempts. You think Lynx is safe because it's totally unusable today and archaic? Guess what? It uses several libraries to achieve its functionality, and each of those may have pending exploits in addition to any holes, off by one errors and other bugs within Lynx itself.

Re:Not really important to me (1)

JSlope (1180805) | more than 2 years ago | (#34579588)

By the way, I already run flash only with Chrome, it has a built-in flash player and so I don't have to install adobe flash to all the browsers. I browse with firefox and opera and when I need to see a page with flash (usually it's a video) I copy the url and run it in Chrome.

Dupe (1)

VGPowerlord (621254) | more than 2 years ago | (#34576308)

Original Slashdot story [slashdot.org] from December 3rd.

Re:Dupe (4, Informative)

wiredmikey (1824622) | more than 2 years ago | (#34576432)

Yes, they mentioned it earlier, today it appears to actually be in action and built into the latest beta of the product.

Flash cookies (1)

140Mandak262Jamuna (970587) | more than 2 years ago | (#34576354)

Can the sandboxing be done in such a way that all the data written by FlashPlayer in local storage can be erased when it goes out of scope? Every invocation of flash player will be on a freshly cleared local storage and one flash run will not be able to retrieve cookies and other persistent data?

Re:Flash cookies (1)

beakerMeep (716990) | more than 2 years ago | (#34576460)

There isn't anything wrong with the concept of persistent local storage, the problem is multiple persistent local storage areas that a user has to jump through hoops to clear. HTML5, Cookies, and Flash Cookies all have this issue.

Re:Flash cookies (1)

ADRA (37398) | more than 2 years ago | (#34576872)

I could see this breaking sites that actually use those cookies for something meaningful across invocations. I'm surprised that Adobe didn't just go down Java's route and use the browser's built-in cookie management system for taking care of their own cookie needs.

Re:Flash cookies (1)

Joe U (443617) | more than 2 years ago | (#34577144)

I could see this breaking sites that actually use those cookies for something meaningful across invocations. I'm surprised that Adobe didn't just go down Java's route and use the browser's built-in cookie management system for taking care of their own cookie needs.

Those are easy to manage. Flash cookies, not as easy.

Well, not unless you understand how to create a RAMdrive and are familiar with MKLINK (in Windows).

I like my RAMdrive, so many things live there, albeit shortly.

Re:Flash cookies (1)

clone52431 (1805862) | more than 2 years ago | (#34577276)

Flash cookies, not as easy.

Well, not unless you understand how to create a RAMdrive and are familiar with MKLINK (in Windows).

They’re just stored in your application data folder. Firefox has addons that will automatically delete Flash cookies (e.g. BetterPrivacy). Does Chrome? And even if Chrome doesn’t, it’d be easy enough to make a script that would do it on startup or shutdown.

Re:Flash cookies (1)

Joe U (443617) | more than 2 years ago | (#34577500)

Too much trouble.

I just point to a folder on the ramdrive and not only does flash get a little faster (very little), but there are no open files on the HDD.

All my browser temp files live there, that way when I'm browsing the laptop shuts down the HDD.

Re:Flash cookies (1)

clone52431 (1805862) | more than 2 years ago | (#34577534)

Less trouble to install an extension than set up a RAMdrive, I think. Either way, it’s done and you can forget about it.

Re:Flash cookies (1)

Joe U (443617) | more than 2 years ago | (#34578696)

Less trouble to install an extension than set up a RAMdrive, I think. Either way, it’s done and you can forget about it.

Good point. It's my ramdrve.sys background, they were necessary way back when, so I tend to find a use for them now.

Re:Flash cookies (1)

HybridST (894157) | more than 2 years ago | (#34579080)

The best upgrade to my portable rig with its slow hard drive that I've made has been to add ram and move swap to ram (on heavily-tweaked xphome) leading to a 1400% (benchmarked!) speed increase for swapped data access! Now the system drive doesn't need to thrash constantly to handle FF with my 20-50 tab sessions, my DAW [wikipedia.org] and games run much more smoothly and I can eke out more work from the workhorse system.

The naysayers will say to upgrade hardware or get a new system or drop in a second drive but for my purposes this has been a HUGE performance boost allowing my old hardware to last a lot longer than it otherwise would.

Now I just gotta figure out why my p4 2.8ghz sped up to 3.2ghz last week... still runs stable and within thermal tolerance though. My typical system uptime is on the order of 5-6 weeks only really shutting down to clean the cooling fins. As always YMMV.

Re:Flash cookies (1)

clone52431 (1805862) | more than 2 years ago | (#34579146)

I know exactly what you mean. I’ve debugged slow WinXP machines for people where it turned out they were “slow” because they only had 256MB of RAM. Good grief, people, drop the $40 or $20 it takes to get a gig or a half a gig of RAM (and tell them no, I don’t want to pay $60 for you to unscrew the panel on the case and pop it in for me), your computer will run just fine...

Re:Flash cookies (1)

ADRA (37398) | more than 2 years ago | (#34579216)

"i've made has been to add ram and move swap to ram"
Wow, please just turn off swapping altogether and save yourself the trouble. You're just robbing from RAM the very resource that you need, RAM! The entire point for swapping is to save on RAM, and the very act of ram driving is taking away more of that precious resource. Just turn your swap off and kill the RAMDrive. I assure you that unless windows is on some serious drugs, your performance should improve.

Fuck that. (0)

Anonymous Coward | more than 2 years ago | (#34576626)

Throw it into the trashcan.

It didn’t already? (1)

clone52431 (1805862) | more than 2 years ago | (#34576628)

Heck, I think Firefox did it already... I think Flash must have released an unstable version recently. I’ve had Firefox lock up on me a couple of times. Killing the “plugin container” process in Task Manager immediately made Firefox start responding again and display an info bar on pages that had been using Flash saying that a plugin had crashed (gee, wonder why?) and suggesting that I reload the page.

Re:It didn’t already? (0)

Anonymous Coward | more than 2 years ago | (#34579104)

Heck, I think Firefox did it already...

Nope.

I think Flash must have released an unstable version recently. I’ve had Firefox lock up on me a couple of times. Killing the “plugin container” process in Task Manager immediately made Firefox start responding again and display an info bar on pages that had been using Flash saying that a plugin had crashed (gee, wonder why?) and suggesting that I reload the page.

Firefox is running the flash player in a separate process. That process is not sandboxed.

If an exploit in flash is discovered, and you visit a page with malicious flash content, the flash player process can do anything that the user running firefox can do. Deleting your home directory and grepping for strings that look like credit card numbers, for example. Sandboxing stops this by killing the flash process if it makes any syscalls.

Re:It didn’t already? (1)

clone52431 (1805862) | more than 2 years ago | (#34579188)

Firefox is running the flash player in a separate process. That process is not sandboxed.

If an exploit in flash is discovered, and you visit a page with malicious flash content, the flash player process can do anything that the user running firefox can do.

Yeah, I wasn’t thinking about that subtlety. However, that’s still a form of sandboxing; it’s sandboxed away from the rest of the browser, though not sandboxed from the OS.

Re:It didn’t already? (1)

Enderandrew (866215) | more than 2 years ago | (#34579998)

Chrome separated the plugin as a separate process, which Firefox then copied. But merely having the plugin as a separate process does not mean the plugin is sandboxed. Flash still has access to install spyware on your computer. By placing the plugin in a sandbox, Flash doesn't have the right to hose your box.

Re:It didn’t already? (1)

clone52431 (1805862) | more than 2 years ago | (#34580076)

Processes should already be running under limited user access, so I was thinking more in terms of stability than security. But you’re right.

A simpler and safer approach (1)

ThatsNotPudding (1045640) | more than 2 years ago | (#34576642)

would be to sandbox everything made by Adobe.

Re:A simpler and safer approach (1)

gstoddart (321705) | more than 2 years ago | (#34577206)

would be to sandbox everything made by Adobe.

Or, don't install it if you can live without it.

The overwhelming majority of stuff that I do online doesn't need flash -- I see it in ads more than I do anything useful, and that gets blocked by noscript before it can discover that I don't even have Flash installed.

When I do need flash, I go into a fairly closed down VM image and run it -- and that's pretty rare, like twice/month tops. While I'm sure there are sites that people use that require it, I've always avoided it like mad and don't feel like I'm missing anything important.

Can I Has Flash Player? (1)

Anne_Nonymous (313852) | more than 2 years ago | (#34576662)

Litter box, sandbox; both are full of sand and "Tootsie Rolls".

Does this make it respect Incognito? (1)

brunes69 (86786) | more than 2 years ago | (#34577168)

If you browse in incognito mode does it then make all flash storage non-persistent? Because this is how the evercookie works across incognito.

Re:Does this make it respect Incognito? (0)

Anonymous Coward | more than 2 years ago | (#34577380)

the evercookie works across incognito.

False.

Not safe enough (1)

SirMasterboy (872152) | more than 2 years ago | (#34577314)

I run my sandbox in a sandbox. That ought to be safe enough!

Java did it (1)

guybrush3pwood (1579937) | more than 2 years ago | (#34577628)

... a long time ago. I'm not impressed.

Re:Java did it (0)

Anonymous Coward | more than 2 years ago | (#34579286)

... a long time ago. I'm not impressed.

No one uses web browsers or flash players written in Java. The chrome team made a browser with over 100e6 users with a sandboxed renderer. Then they created a sandboxed flash player and PDF viewer. These are not small accomplishments.

Suppose someone created a C/C++ compiler that completely prevented buffer overflows and supported existing code with only a recompile and a few small changes. They then went out and got 95% of desktop software in use to be compiled with it. Would you say this is not impressive, because Java already prevents buffer overflows? Of course not: The number of desktop applications written in Java is very small, and this project had an effect on real users.

Run the Browser in a VM (0)

Anonymous Coward | more than 2 years ago | (#34578128)

I've been thinking that the ultimate in browser security would be to use the Chrome "OS" to create a virtual machine for the browser, thus each "browser" would actually be its own machine (VM). The only way for the browser to get files to the host machine would be through some sort of quarantine folder or frtp like protocol. You'd have to install plug-ins in each VM but if something bad happened all you'd have to do is start again. Bookmarks can be sync'd over the web.

Steve Jobs was right: Flash sucks (0)

Anonymous Coward | more than 2 years ago | (#34578438)

Here's proof. CPU usage reduction up to tenfold [adobe.com]

Re:Steve Jobs was right: Flash sucks (1)

clone52431 (1805862) | more than 2 years ago | (#34578902)

It couldn’t use hardware acceleration before. It can now. They’re releasing a new version that does.

I think you mean, Flash used to suck... and it wasn’t really entirely its fault.

Correlation (1)

Fujisawa Sensei (207127) | more than 2 years ago | (#34578858)

Since a sandbox is a litterbox and a litterbox is really just a toilet. That would mean they're throwing flash in the toilet. Perfect!

Re:Correlation (1)

AmazingRuss (555076) | more than 3 years ago | (#34584152)

Maybe kitty will come along soon and bury it.

Step Forward... (1)

theamarand (794542) | more than 2 years ago | (#34578952)

I think this is a good step forward. I'd like to see the majority of plugins in a sandbox. I like to use them, but you can't always be 100% sure if you can trust them or not. Sure, there are applications that have been around for ages, are designed by good companies that have decent reputations - but what about that "must have app" that you're not completely sure about? I know on my Blackberry, each application has its own permissions. I can add and remove permissions at will, and even set them to prompt me. I've always found Internet Explorer a bit scary, but have never worried much about Firefox. With some plugins, it should be a no brainer: does a weather application need access to my hard drive, aside from a caching space? I don't think so. Possibly plugins could be vetted and reviewed by a committee, and given permissions within the browser/OS based on what they need to do, and each plugin would have a "safety rating" (red, yellow, green) so you can choose your exposure. If all of your plugins were "green," you'd know that the committee reviewed the code and set the permissions in such a way that your data could not be compromised. If code could not be reviewed, it would automatically be marked yellow or red. I like the idea of choice as equally well as I like safety and security.

My cat does better than Google. (0)

Anonymous Coward | more than 2 years ago | (#34579228)

He throws Flash in the litterbox.

Um... (0)

Anonymous Coward | more than 2 years ago | (#34581746)

They didn't already do this?

Sandboxing 'protection' (1)

dugeen (1224138) | more than 3 years ago | (#34585354)

It's the user who's in the sandbox with Google software. No chance of turning off the fade-in, or the instant search keylogger.