Sandboxing made easy
Posted Aug 20, 2009 0:14 UTC (Thu) by man_ls
Parent article: Google's Chromium sandbox
This is probably a stupid question, but I have to ask. Why not use read() and write() to make the untrusted part communicate with the trusted part, via a pipe? The untrusted part (a process) could decipher the HTML, and then send the result in an intermediate form to the trusted part (another process) for it to display that on the screen. Any compromise would have to generate an intermediate "poisoned" form that did something bad to the trusted part, but sending the malicious payload would be really difficult.
It does look quite complex, but the sandboxing is not trivial either.
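The two-process arrangement the comment asks about, as an added sketch that is not code from Chromium, from the parent article, or from the commenter: an untrusted child does the risky "deciphering" (here a toy tag stripper), writes a length-prefixed record into a pipe with write(), and the trusted parent read()s it and accepts only records that pass strict validation, since a compromised child will send whatever it likes. The wire format, the record type, the size limits and all function names are assumptions made up for this example.

```c
/* Added example: pipe-based privilege separation. Not Chromium code; the
 * record format, limits and names below are invented for illustration. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed wire format for the "intermediate form":
 *   byte 0     : record type; the trusted side accepts only CMD_TEXT
 *   bytes 1..2 : payload length, big-endian, at most MAX_PAYLOAD
 *   bytes 3..  : payload, printable ASCII only                          */
enum { CMD_TEXT = 1 };
enum { HDR_LEN = 3, MAX_PAYLOAD = 256 };

struct display_cmd {
    uint8_t type;
    uint16_t len;
    char text[MAX_PAYLOAD + 1];
};

/* Scratch storage so callers (and tests) can reuse the functions easily. */
struct display_cmd scratch_cmd;
uint8_t scratch_buf[HDR_LEN + MAX_PAYLOAD + 1];
char scratch_text[MAX_PAYLOAD + 1];

/* Untrusted side: serialise one record. Returns bytes written, 0 if it would not fit. */
size_t encode_record(uint8_t type, const char *payload, size_t plen,
                     uint8_t *buf, size_t cap)
{
    if (plen > 0xffff || cap < HDR_LEN + plen)
        return 0;
    buf[0] = type;
    buf[1] = (uint8_t)(plen >> 8);
    buf[2] = (uint8_t)(plen & 0xff);
    memcpy(buf + HDR_LEN, payload, plen);
    return HDR_LEN + plen;
}

/* Trusted side: parse a record without believing its length field.
 * Returns 0 on success, -1 on anything malformed. */
int parse_record(const uint8_t *buf, size_t n, struct display_cmd *out)
{
    if (n < HDR_LEN)
        return -1;
    uint16_t len = (uint16_t)((buf[1] << 8) | buf[2]);
    if (buf[0] != CMD_TEXT)                                /* unknown type: reject */
        return -1;
    if (len > MAX_PAYLOAD || n != HDR_LEN + (size_t)len)  /* length must match bytes received */
        return -1;
    for (size_t i = 0; i < len; i++) {                     /* only printable ASCII reaches the display */
        unsigned char c = buf[HDR_LEN + i];
        if (c < 0x20 || c > 0x7e)
            return -1;
    }
    out->type = buf[0];
    out->len = len;
    memcpy(out->text, buf + HDR_LEN, len);
    out->text[len] = '\0';
    return 0;
}

/* Toy stand-in for the real, risky HTML parsing: drop everything between '<' and '>'. */
static size_t strip_tags(const char *html, char *out, size_t cap)
{
    size_t o = 0;
    int in_tag = 0;
    for (; *html && o + 1 < cap; html++) {
        if (*html == '<') in_tag = 1;
        else if (*html == '>') in_tag = 0;
        else if (!in_tag) out[o++] = *html;
    }
    out[o] = '\0';
    return o;
}

/* Fork an untrusted child that turns `html` into a record and write()s it to a
 * pipe; the trusted parent read()s, validates, and copies the text to `shown`.
 * Returns 1 if a record was accepted, 0 if rejected, -1 on an OS error. */
int run_pipeline(const char *html, char *shown, size_t shown_cap)
{
    int fds[2];
    if (pipe(fds) == -1)
        return -1;
    pid_t pid = fork();
    if (pid == -1) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                               /* untrusted child */
        close(fds[0]);
        char text[MAX_PAYLOAD * 2];
        uint8_t rec[HDR_LEN + sizeof text];
        size_t tl = strip_tags(html, text, sizeof text);
        size_t rl = encode_record(CMD_TEXT, text, tl, rec, sizeof rec);
        for (size_t off = 0; off < rl; ) {
            ssize_t w = write(fds[1], rec + off, rl - off);
            if (w < 0) { if (errno == EINTR) continue; _exit(1); }
            off += (size_t)w;
        }
        _exit(0);
    }
    close(fds[1]);                                /* trusted parent */
    uint8_t buf[HDR_LEN + MAX_PAYLOAD + 1];       /* one byte more than any valid record */
    size_t n = 0;
    for (;;) {
        ssize_t r = read(fds[0], buf + n, sizeof buf - n);
        if (r < 0) { if (errno == EINTR) continue; close(fds[0]); return -1; }
        if (r == 0) break;
        n += (size_t)r;
        if (n == sizeof buf) break;               /* child sent more than allowed: stop reading */
    }
    close(fds[0]);
    waitpid(pid, NULL, 0);
    struct display_cmd cmd;
    if (parse_record(buf, n, &cmd) != 0)
        return 0;
    snprintf(shown, shown_cap, "%s", cmd.text);
    return 1;
}

int main(void)
{
    int rc = run_pipeline("<p>Hello, <b>world</b></p>", scratch_text, sizeof scratch_text);
    printf("accepted=%d text=\"%s\"\n", rc, rc == 1 ? scratch_text : "");
    return 0;
}
```

The point of the parent's loop is that it never trusts the child's length field: it reads at most one byte more than the largest legal record, then requires the declared length to equal the bytes actually received, so an over-long or mis-sized record is dropped rather than copied. In a real deployment the child would additionally be confined (dropped privileges, seccomp, a chroot or similar) so that a compromise there is limited to what it can write down the pipe.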