
Sandboxing a browser that runs HTML & JS only

I've recently read the Chromium sandbox architecture overview and the multi-process architecture high-level design. The developers claim they run the tabs and web apps in a privileged external process for 2 main reasons:

1) Prevent the browser from crashing in case a tab or a web app crashes.
2) Various security reasons.

The security reasons I read about were mostly about changing the user's system configuration via the Win32 API.

Now let's assume I develop a web browser that uses WebKit and the V8 JS engine and does not allow browser extensions and Flash to be executed from within the browser.
Furthermore, let's assume that application crashes are not an issue.

1) What advantages do I gain by implementing the sandbox architecture?

2) Can pure JavaScript code access the memory/file system or invoke any unwanted Windows API function?

3) What are the other security concerns I'm not aware of?

People have been hacked through web browsers for years; this is a silly question. Of course JavaScript can be used to gain access to the shell. This is the basis of browser-based exploitation. Not only JavaScript, but malformed HTML and CSS are also commonly used to corrupt memory and gain remote code execution. WebKit is new, and it has a lot of security problems. Keep WebKit up to date, or you will be hacked.

It should be noted that JavaScript runs within a sandbox that jails it from accessing important resources on your machine or other websites; we call this the same-origin policy. Google introduced another sandbox for Chrome to try and prevent remote code execution as a method of defense in depth, security in layers.
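The answer above refers to the same-origin policy as the first layer of the browser's jail. As an added example (not part of the original post or of any browser's code), the block below models the origin comparison that policy is built on: a browser identifies a document by the (scheme, host, port) triple of its URL, and script in one document may read the contents of another only when all three match. The sample URLs are constructed for illustration; the only assumption is Node's WHATWG `URL` class, which is a global in current Node releases.

```javascript
// Added example: a minimal model of the same-origin policy check.
// Not from the original post; illustrates the (scheme, host, port) rule.

// Ports that are implied when a URL omits one; needed so that
// "https://example.com" and "https://example.com:443" compare equal.
const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Reduce a URL to its origin triple. Path, query and fragment are
// deliberately ignored: they never take part in the origin comparison.
function originOf(urlString) {
  const u = new URL(urlString);
  const port = u.port === "" ? (DEFAULT_PORTS[u.protocol] ?? "") : u.port;
  return {
    scheme: u.protocol.replace(/:$/, ""),
    host: u.hostname.toLowerCase(),
    port,
  };
}

// Serialized form as a browser would report it in `window.origin`.
function originString(urlString) {
  const o = originOf(urlString);
  const defaultPort = DEFAULT_PORTS[o.scheme + ":"];
  return o.port === defaultPort ? `${o.scheme}://${o.host}` : `${o.scheme}://${o.host}:${o.port}`;
}

// True only when scheme, host and port all match. Note that a subdomain
// (api.example.com vs example.com) is a different origin even though it
// is the same "site" for cookie purposes.
function sameOrigin(urlA, urlB) {
  const a = originOf(urlA);
  const b = originOf(urlB);
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Decision a page's script would get when it tries to read a response
// from `targetUrl` without any CORS grant: only same-origin reads pass.
function mayReadWithoutCors(documentUrl, targetUrl) {
  return sameOrigin(documentUrl, targetUrl) ? "allow" : "deny";
}

// Constructed sample: a document and a few fetch targets.
const DOCUMENT = "https://example.com/app/index.html";
const TARGETS = [
  "https://example.com:443/api/data",   // same origin (default port)
  "http://example.com/api/data",        // scheme differs
  "https://api.example.com/data",       // host differs (subdomain)
  "https://example.com:8443/data",      // port differs
];

for (const t of TARGETS) {
  console.log(`${originString(DOCUMENT)} -> ${originString(t)}: ${mayReadWithoutCors(DOCUMENT, t)}`);
}
```

The point of the example is the granularity of the jail the answer describes: it separates web sites from one another by origin, but says nothing about separating the renderer from the operating system, which is what Chrome's second, process-level sandbox adds on top.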
