Thanks to Google for referencing our post introducing sandbox in their sandboxing design document for Chromium at:
http://dev.chromium.org/developers/design-documents/sandbox/osx-sandboxing-design
Their use of sandbox is really over and above what we’ve seen from any other vendor. Each installation contains 3 distinct sandbox profiles (currently I have versions 4.0.249.49 and 5.0.342.9, although mileage here may vary according to updates), each profile allowing access only to the files and resources that the process loading it absolutely needs to do its job. You can see exactly which resources are accessible by reading these profiles. The profiles are located at:
- /Applications/Google Chrome.app/Contents/Versions/4.0.249.49/Google Chrome Framework.framework/Resources/renderer.sb
- /Applications/Google Chrome.app/Contents/Versions/4.0.249.49/Google Chrome Framework.framework/Resources/utility.sb
- /Applications/Google Chrome.app/Contents/Versions/4.0.249.49/Google Chrome Framework.framework/Resources/worker.sb
To view one, for example the renderer profile:

```sh
cat /Applications/Google\ Chrome.app/Contents/Versions/4.0.249.49/Google\ Chrome\ Framework.framework/Resources/renderer.sb
```
You can then edit the profiles easily, for example to enable debug logging for the sandbox. This gives you transparency into what Chrome is doing, but also lets you tighten security further. That said, they have really taken the time to secure Chrome well and lock things down, so we doubt much further restriction is necessary or even possible. Overall, Chrome provides a great example of taking sandbox to the next level and extending it much further into applications with graphical user interfaces than we’ve seen it extended thus far.
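As an added example (not from the original post and not Chrome's own profile), here is a minimal profile in the same Seatbelt profile language, with denied operations logged via `(debug deny)`, plus a small helper that lists which operations a profile allows so you can review a profile before tightening it. The profile contents and the temporary path are constructed for illustration; running it under `sandbox-exec` assumes macOS.

```sh
#!/bin/sh
# Constructed demo profile: deny everything by default, log each denial,
# and allow only what a read-only child process needs. Not Chrome's profile.
PROFILE="${TMPDIR:-/tmp}/demo.sb"

write_profile() {
    cat > "$PROFILE" <<'EOF'
(version 1)
(deny default)
(debug deny)          ; log every denied operation to the system log
(allow process-exec)  ; let sandbox-exec start the child program
(allow sysctl-read)
(allow file-read* (regex #"^/usr/lib/"))
(allow file-read* (regex #"^/System/Library/"))
(allow file-read-metadata)
EOF
}

# Print the operations a profile allows, one per line, comments stripped,
# sorted and de-duplicated so two profiles can be diffed side by side.
allowed_ops() {
    sed 's/;.*$//' "$1" | grep -o '(allow [a-z*-]*' | sed 's/(allow //' | LC_ALL=C sort -u
}

# Succeeds when the profile logs denials, i.e. contains "(debug deny)".
logs_denials() {
    grep -q '^(debug deny)' "$1"
}

write_profile
echo "operations allowed by $PROFILE:"
allowed_ops "$PROFILE"

# On macOS, run a harmless command under the profile; denials show up in
# the system log (Console.app or `log stream`) because of (debug deny).
if command -v sandbox-exec >/dev/null 2>&1; then
    sandbox-exec -f "$PROFILE" /bin/ls /usr/lib 2>&1 | head -n 5
fi
```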
