On Aug 6, 2009, at 1:43 AM, yoav zilberberg wrote:

> No adam, i did not submit patches to the sandbox :) i just used its API's to forward calls from kernel32.dll to my own DLL's so i could inject code to VC.exe and force it to run in the idle priority class....
>
> but i still don't get it
> if Flash expects to be able to SendMessage, then you cannot sandbox it anyways as there is no limit to what can be done
> and of course, i also look forward to HTML5
>
> All i am saying is that one of the biggest selling points of chrome is that it is secure (no drive by malware anymore)
--disable-plugins or --safe-plugins will get you there. Just don't expect full web compatibility.

What you're expressing is the very real tension between what users currently expect and the security implications of how those expectations are realized today. Browser vendors are caught in the middle -- this is by way of explanation, not excuse. I think everyone working on Chrome wishes Flash were sandboxable and are frustrated with the current situation. If you've got ideas for how to make --safe-plugins work better with real-world Flash, I suspect those ideas would be well received. Accusing the team of gross negligence probably won't help you get patches landed any faster, though.

> and i was hoping from such a good product as chrome to protect me
>
> there is simple statistics to be had here
> do most flash apps expect to be able to SendMessage ? if so, i admit, this is a hopeless case
> but if not, then you should have added an option in chrome to say 'sandbox flash by default' and then you could whitelist some sites you trust

I think to Adam's point, we'd like a relatively complete sandbox (i.e., one that runs in a pre-defined policy and in which one failure won't lead to many other kinds of breaks). Take the example of 3D hardware access: drivers run in the kernel. Any problem there will invalidate whatever work is done at, say, the filesystem level.

It's likely true that most of the world's Flash doesn't need to do insecure things. Figuring out a sane way to either tell Flash "no" in a way that doesn't out-and-out crash movies or in some other way give users control seems an area that could use more exploration if you've got the time.

Regards

Chromium Developers mailing list: [email protected]
View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev
