Security/ProcessIsolation/ThreatModel: Difference between revisions

 
(2 intermediate revisions by the same user not shown)
Line 36: Line 36:
*theft of local and network files via file:// and related schemes
*theft of local and network files via file:// and related schemes
*theft of local data via direct access to database or database files
*theft of local data via direct access to database or database files
==== Assets at Risk ====
* local files, registry entries, etc.
* network files (NFS, SMB)
* intranet servers / services


==Cross-domain Compromise==
==Cross-domain Compromise==
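Review bot: The first item of the added "==== Assets at Risk ====" list ends in "etc." ("local files, registry entries, etc."), which leaves the scope of local assets open in a threat model. The list also has no entry for the local databases named in the threat line directly above it ("theft of local data via direct access to database or database files"). Suggest replacing "etc." with the concrete stores that are meant and adding a database item. The heading is written with inner spaces here but as "====Assets at Risk====" in the later hunk; one form should be used for both.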
Line 47: Line 52:
*A compromised process could persist after navigating to a different FQDN  
*A compromised process could persist after navigating to a different FQDN  
*Overwrite cached content
*Overwrite cached content
====Assets at Risk====
*Cookies and other session tokens
*Saved passwords
*Web content and data
*Cache


==Cross-domain Data Theft==
==Cross-domain Data Theft==
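Review bot: In the added "====Assets at Risk====" list, "Web content and data" is broad enough to overlap with the "Cache" item below it, and it does not say whose content is at risk. Suggest narrowing it to the specific content and data stores meant, so each asset can be matched to a threat in the list above, such as "Overwrite cached content".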
Line 113: Line 124:
Plugins are not planned to be sandboxed yet, since they require their own broker architecture, mostly due to challenges around:
Plugins are not planned to be sandboxed yet, since they require their own broker architecture, mostly due to challenges around:


- filesystem access (file uploads, downloads, media playback)
* filesystem access (file uploads, downloads, media playback)
- auto-update
* auto-update
- potentially registry and network access (binary sockets, etc) - or allow them unlimited access
* potentially registry and network access (binary sockets, etc) - or allow them unlimited access


==General pitfalls==
==General pitfalls==
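Review bot: The third converted item still carries an inline " - " ("... (binary sockets, etc) - or allow them unlimited access"), so the marker cleanup is incomplete on that line. The item is also ambiguous: it is unclear whether "unlimited access" is an alternative for registry and network access only or for every resource in the list. Suggest moving the alternative into its own sentence after the list and stating which resources it covers.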