There's been a lot of news related to software sandboxing in the last week, but one event in particular stands out: Google has moved version 8 of Chrome (specifically 8.0.552.21) into the "Stable" channel, making it the release-level version.
Version 8 adds a PDF reader built into the browser and moves the already integrated Adobe Flash Player into the Chrome sandbox. Thus two of the biggest attack targets for Windows users become substantially neutered.
At the same time Google announced 12 vulnerabilities fixed in the new version and, as usual, most reports ignore what the severity ratings actually mean. 4 of the vulnerabilities are rated "High," one step below the maximum of "Critical," largely because High vulnerabilities don't get out of the sandbox. As you can see from Google's severity guidelines, High vulnerabilities can be quite serious, such as cross-site scripting bugs, but all four of these High bugs appear to be memory management bugs which won't allow any abuse out of the sandbox, and therefore won't allow anything all that serious to happen to the PC.
I've been using the PDF reader in the Beta channel for some time and functionally it's basic. What it does is read the PDF and render it in the browser DOM, not in a separate control, so all the rendering happens within the security of the browser engine. But browser rendering and UI are not as powerful or flexible as a native program like Adobe Reader, so you do run into things that don't work, or don't work as well as they do in Reader. Still, most of the time all you're doing is reading the document, and that usually works fine. If you need to do more, you can download the file and use another reader.
Google and Adobe each released their own blog entries announcing the incorporation of the integrated Flash player into the sandbox. In fact, Flash is already substantially sandboxed in many environments, such as on Windows Vista and Windows 7 where it runs as a low integrity process, but only in Chrome is it sandboxed in Windows XP. And since Chrome's Flash Player is updated automatically, fixes to any vulnerabilities in Flash are easiest to get there too. These are major reasons why Chrome is my default browser now.
But there are limits to sandboxes. Thanks to Ryan Naraine on ZDNet for pointing me to analysis done by security software firm Invincea describing the limitations in the Adobe Reader X sandbox. Invincea calls sandboxing such as Reader's "a step in the right direction."
Even Adobe's engineers (and Microsoft's and Google's, as they all use the same basic sandbox architecture) concede certain limitations:
- Protected Mode will not prevent unauthorized read access to the file system or registry.
- Protected Mode will not restrict network access.
- Protected Mode will not prevent reading or writing to the clipboard.
So a "successful" exploit in the sandbox could, for example, read files or registry data to which the user in whose context the program ran has access and send them over the network. Invincea proposes protections against these and other attacks and, no surprise, their own products claim to provide them.