On 05/20/2014 12:51 PM, Boris Zbarsky wrote:

> On 5/20/14, 11:03 AM, The Wanderer wrote:
>> If it is properly sandboxed, it should not be able to find out
>> anything about the sandbox (== the host executable) except what the
>> sandbox itself tells it
>
> A sandboxed process still has full access to its own address space,
> no? It may be restricted in terms of what system calls it can make,
> but within itself it can do whatever it wants.
>
> So if the CDM is running directly in the sandbox process address
> space (as opposed to running in some sort of VM) then it can
> interrogate things like the address space layout and compare it to
> the layout it expects.

Is it running that way?

I would have expected that each module involved - Firefox, the sandbox, and the CDM - would be running as a separate process, with at least the last one nested inside the previous. Although I'm not an expert on the topic, I wouldn't have expected effective sandboxing of black-box code to be practically possible any other way.

(If there are resources on the topic which I could use to educate myself on relevant principles, beyond the glaringly obvious, I'd be glad to learn of them.)

>> unless there are channels for it to access the host system which
>> bypass the sandbox.
>
> Inspecting your own address space doesn't require access to the
> system.

Will that be enough? That is, is that (for practical purposes) impossible to effectively fake?

I wouldn't intuitively expect it to be, but then, I wouldn't have expected this to be predictable enough to base validation on in the first place (assuming I understand what you mean by "address space layout" - the same as is used in the term ASLR, address-space layout randomization). It's possible I underestimate the difficulty of intentionally producing the same inner-process address-space layout in two different ways.

-- 
The Wanderer

Secrecy is the beginning of tyranny. A government exists to serve its citizens, not to control them.
governance mailing list [email protected] https://lists.mozilla.org/listinfo/governance
