Security/Mentorships/MWoS/2014/B2G-IPC-Audit: Difference between revisions

=== Description ===
FirefoxOS uses a defensive programming technique called '[[Security/Sandbox|sandboxing]]' to help limit the control of an attacker who has already compromised an application running on the system. This is implemented by separating different system tasks into multiple processes. Each process possesses the [http://en.wikipedia.org/wiki/Principle_of_least_privilege least amount of privileges] it needs to complete its required task. For example, a process responsible for rendering webpages must process a large amount of attacker-controlled input from the network. If a bug is found in the webpage rendering code there is a strong chance it can be exploited by the attacker to gain remote code execution. Therefore the renderer process is only given permission to read and write data relevant to the webpage, such as its own DOM. However, a low-privileged 'sandboxed' process may require a resource or action that it is not given initial access to. In many cases the required action can still be triggered by the sandboxed process, but it must request that a process with the appropriate privilege level complete the task, through mechanisms such as inter-process communication (IPC). The privileged process can verify that the request message is well formatted and non-malicious before executing it.
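The paragraph above describes the privileged side of the IPC boundary checking a request before acting on it. The following is an added illustration, not Mozilla code and not FirefoxOS's actual IPDL-generated message handling: it assumes a hypothetical wire format (a 32-bit type, a 32-bit payload length, then the payload), a hypothetical per-child policy of readable path prefixes, and two hypothetical message types. It shows the two checks the text calls for: that the message is well formed (parsed without trusting any field) and that what it asks for is within the child's granted privileges.

```cpp
// Added example (not Mozilla/FirefoxOS code): a privileged "parent" process
// validating a request received over IPC from a sandboxed child.
// Wire format, message types and policy are all hypothetical.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

enum class MsgType : uint32_t { OpenFile = 1, ReadDomNode = 2 };

// Assumed wire format: [type:u32][payload_len:u32][payload bytes]
struct IpcMessage {
    MsgType type;
    std::vector<uint8_t> payload;
};

enum class Verdict { Accept, RejectMalformed, RejectUnknownType, RejectPolicy };

// What the parent has granted this particular child (hypothetical policy).
struct ChildPolicy {
    std::vector<std::string> readablePrefixes;
    size_t maxPayload = 4096;
};

// Parse raw channel bytes without trusting any field the child supplied.
bool ParseMessage(const std::vector<uint8_t>& raw, IpcMessage& out) {
    if (raw.size() < 8) return false;                 // header must be complete
    uint32_t type = 0, len = 0;
    std::memcpy(&type, raw.data(), 4);
    std::memcpy(&len, raw.data() + 4, 4);
    if (len != raw.size() - 8) return false;          // declared length must match bytes received
    out.type = static_cast<MsgType>(type);
    out.payload.assign(raw.begin() + 8, raw.end());
    return true;
}

// Decide whether the parent should act on a parsed request.
Verdict ValidateRequest(const IpcMessage& msg, const ChildPolicy& policy) {
    if (msg.payload.size() > policy.maxPayload) return Verdict::RejectMalformed;
    switch (msg.type) {
    case MsgType::OpenFile: {
        // Payload is a path: NUL-free, no traversal, and under an allowed prefix.
        std::string path(msg.payload.begin(), msg.payload.end());
        if (path.empty() || path.find('\0') != std::string::npos) return Verdict::RejectMalformed;
        if (path.find("..") != std::string::npos) return Verdict::RejectPolicy;
        for (const auto& prefix : policy.readablePrefixes)
            if (path.compare(0, prefix.size(), prefix) == 0) return Verdict::Accept;
        return Verdict::RejectPolicy;
    }
    case MsgType::ReadDomNode:
        // Renderer may touch its own DOM; payload is a fixed-size node id.
        if (msg.payload.size() != 4) return Verdict::RejectMalformed;
        return Verdict::Accept;
    }
    return Verdict::RejectUnknownType;                // any type the parent does not know
}

// Parse and validate in one step, as a message handler would.
Verdict HandleRaw(const std::vector<uint8_t>& raw, const ChildPolicy& policy) {
    IpcMessage msg;
    if (!ParseMessage(raw, msg)) return Verdict::RejectMalformed;
    return ValidateRequest(msg, policy);
}

// Helpers to build sample messages (constructed test input, not real traffic).
std::vector<uint8_t> Encode(MsgType t, const std::string& payload) {
    std::vector<uint8_t> raw(8);
    uint32_t type = static_cast<uint32_t>(t);
    uint32_t len = static_cast<uint32_t>(payload.size());
    std::memcpy(raw.data(), &type, 4);
    std::memcpy(raw.data() + 4, &len, 4);
    raw.insert(raw.end(), payload.begin(), payload.end());
    return raw;
}

std::vector<uint8_t> Truncate(std::vector<uint8_t> raw, size_t drop) {
    raw.resize(raw.size() > drop ? raw.size() - drop : 0);
    return raw;
}

ChildPolicy ExamplePolicy() {
    ChildPolicy p;
    p.readablePrefixes = {"/data/local/webapps/app1/"};   // hypothetical app directory
    return p;
}

int main() {
    ChildPolicy pol = ExamplePolicy();
    Verdict ok = HandleRaw(Encode(MsgType::OpenFile, "/data/local/webapps/app1/index.html"), pol);
    Verdict bad = HandleRaw(Encode(MsgType::OpenFile, "/data/local/webapps/app1/../app2/x"), pol);
    std::printf("in-policy path: %d, traversal path: %d\n", static_cast<int>(ok), static_cast<int>(bad));
    return 0;
}
```

The point of the structure is that the child never gets to pick the outcome: the parent parses with its own length checks, rejects anything it does not recognise, and applies a policy it owns before the request becomes an action.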


A great technical introduction for FirefoxOS IPC can be found here:<br />