Necko: Sandboxing TCP/UDP socket in a separate process

From MozillaWiki

Revision as of 06:59, 14 November 2017 by Schien (talk | contribs) (initial version)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

Objectives

Move all the network and socket operations to an isolated process.

Goals

For security
- Sandboxing network access into a separate process, preventing chrome process from opening socket
- Preventing protocol security hole to be used to control the entire browser
For stability
- Allow recovering network layer without rebooting firefox, if crash/assertion is detected in the socket process
For performance
- No major regression found for start-up performance and network throughput

Requirements

HTTP Channel

FTP Channel

TCP Socket

UDP Socket

DNS

Cache

Proxy

WebSocket

WebRTC

NSS

PKI/PKIX

Sandboxing

Design

Architecture

IPDL

Start-up Procedure

Create HTTP Channel

Create WebRTC Channel

Update Preference

Override Certificate

NTLM

Retrieved from "https://wiki.allizom.org/index.php?title=Necko:_Sandboxing_TCP/UDP_socket_in_a_separate_process&oldid=1184125"