Issue 850201


Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug

Blocking:
issue 851565


Mac: Sandbox the browser process

Reported by rsesek@chromium.org (Project Member), Jun 6 2018

Issue description

At WWDC 2018, Apple highlighted that Safari now sandboxes the browser process (whereas it ran un-sandboxed previously). We should consider doing the same, as it may be a prerequisite for enabling the Mojave Hardened Runtime (issue 850193).

Obviously the browser is the highest-privilege process Chrome has, so any sandbox we put around it will be rather porous. But we still may be able to drop some ambient capabilities that it does not require.

We should also consider the App Sandbox versus just applying a Seatbelt profile. The former would put the app into a container, which could require migrating user-data-dirs, too.
Owner: rsesek@chromium.org
Status: Assigned (was: Untriaged)
Safari uses the App Sandbox (com.apple.security.app-sandbox entitlement) in 10.14.

The system can do container migration automatically, if we wanted: https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/MigratingALegacyApp/MigratingAnAppToASandbox.html#//apple_ref/doc/uid/TP40011183-CH6-SW1

Comment 4 by palmer@chromium.org, Jun 11 2018

Cc: palmer@chromium.org

Comment 5 by palmer@chromium.org, Jun 11 2018

Blocking: 851565