Confirmed users
717
edits
Security/ProcessIsolation/ThreatModel: Difference between revisions
Security/ProcessIsolation/ThreatModel (view source)
Revision as of 21:05, 17 June 2009
, 17 June 2009→Threats
| Line 23: | Line 23: | ||
*different resources or types of file systems may not be protected from direct access by low-privilege processes, due to lack of support for security descriptors (ex. FAT and FAT32: http://dev.chromium.org/developers/design-documents/sandbox#TOC-The-token) | *different resources or types of file systems may not be protected from direct access by low-privilege processes, due to lack of support for security descriptors (ex. FAT and FAT32: http://dev.chromium.org/developers/design-documents/sandbox#TOC-The-token) | ||
*a restricted process must lower privilege effectively after boostrapping, and close any open privileged resources beforehand | *a restricted process must lower privilege effectively after boostrapping, and close any open privileged resources beforehand | ||
*if low privilege content has access to, or provides input directly to, drivers such as video, printing, storage, etc. there is a significant risk that those device drivers are not designed to consume malicious / untrusted content | *if low privilege content has access to, or provides input directly to, drivers such as video, printing, storage, fonts, etc. there is a significant risk that those device drivers are not designed to consume malicious / untrusted content | ||
==System / Local Network Data Theft== | ==System / Local Network Data Theft== | ||