“This ensures that the sandbox content cannot write to arbitrary places on the user’s hard drive,” Lips said.Īdobe already has experience building browser plug-in sandboxes, thanks to the Flash Player’s tight integration with the Google Chrome browser. As such, when content within the sandbox needs to store data in a local shared object (LSO), the sandbox content makes a request to the broker, and the broker handles writing the LSO content to the disk. “The broker process is a privileged process that runs with default rights and provides secure access to specific resources not available to the sandbox,” Lips said.Īs an example, she noted that writing to disk is not available to the sandbox. Lips noted that functionality that is not permitted inside the sandbox is handled by the broker process. The additional security that comes with the Flash sandbox does not restrict the user-level functionality of a Flash file. “The Flash Player Protected Mode sandbox also creates a separate process, but the Protected Mode process is restricted by application and OS-level security controls to help prevent exploits from being successful,” Wiebke said. In contrast to Mozilla’s own out-of-process plugin system, the Adobe sandbox goes a step further to provide an additional layer of protection. Mozilla introduced the plugin-container executable as part of an effort known as “out-of-process plugin support” in June 2010, with the Firefox 3.6.4 release. “However, there are no security restrictions placed on the plugin process.” “By running plugins in a separate process, Firefox can ensure that a plugin crash does not crash the entire Web browser,” Lips said. Wiebke Lips, Senior Manager of Corporate Communications at Adobe, explained to that Firefox today runs Flash Player and several other plugins in a separate process called plugin-container.exe. The new Flash Player sandbox for Firefox is currently in a public beta and it aims to go beyond the process protections that Mozilla already affords to plugins. After first appearing in Google’s Chrome browser, the Flash sandbox is now on its way to Mozilla’s Firefox. While Adobe rapidly moves to fix urgent flaws as they emerge, they have also been moving towards a sandboxing approach that mitigates the risk of any potential flaws in Flash. Adobe’s Flash Player plugin is among the most attacked pieces of software on the Internet today.
0 kommentar(er)
