I'm glad to hear you've been submitting patches to the sandbox. The tricky part about sandboxing code is you have to think of all the malicious things the code could do to get out of the sandbox. Even if we could reliably stop Flash from forking WinMail.exe, what's to stop Flash from sending the proper sequence of Win32 messages to open a command prompt and type WinMail.exe into the console?
I think what Carlos is saying is that if you open up enough holes in the sandbox to have Flash function properly, then you've made it easy for an attacker to escape.

As for watching YouTube securely, I have high hopes that HTML5's <video> tag will help you. :)

Adam

On Thu, Aug 6, 2009 at 1:25 AM, yoav zilberberg <[email protected]> wrote:
> Ian, well, I like your reply, so just tell me please, for my own knowledge,
> one thing:
> Is there ever a reason to allow Flash (we are talking only Flash here) to
> fork WinMail.exe, for example?
> I am a very lightweight surfer, and I mostly read tech stuff, so my
> experience with Flash is mostly YouTube.
> Is this really something which any Flash application does?
> Does Flash really expect to have access to 'program files'?
> If Flash is expected to have access to it all, then you wouldn't have tried
> to sandbox it in the first place, right?
> And btw, I read really a lot of the source code of Chrome, and I still do. I
> even used your sandbox API to do various tricks, and I even submitted patches
> and expect to do more in the future.
>
> Chromium Developers mailing list: [email protected]
> View archives, change email options, or unsubscribe:
> http://groups.google.com/group/chromium-dev
