This repository has been archived by the owner on Dec 27, 2022. It is now read-only.

Chrome Sandbox is disabled in electron. Is this secure? #19

Closed
wanderer opened this issue Jun 30, 2016 · 7 comments

Comments

@wanderer

The Chromium sandbox was basically ripped out of electron. Is this a security concern to beaker?

Ref: http://blog.scottlogic.com/2016/03/09/As-It-Stands-Electron-Security.html

@perguth

perguth commented Jun 30, 2016

Nice article! There has been a follow-up blogpost mentioning the now implemented fixes and also the official security guide.

@pfrazee
Member

pfrazee commented Jun 30, 2016

Thanks @wanderer for bringing this up, and thanks @pguth for the useful followups.

To recap: the Chromium sandbox is an extra layer of protection around the Web platform sandboxing. It protects from exploits against the Web platform's implementation. Electron doesn't have it enabled.

In my opinion, it is a security concern, but not a critical one. We should track its status, and possibly copy from Brave's solution when Beaker is more mature.

@perguth

perguth commented Jun 30, 2016

I would rather rephrase to: It is a critical security concern but we can _carefully_ manage for the time of initial development because:

a) it seems the development is going quickly.
b) the brave browser pioneered a solution.

In the words of the electron security guide:

> [...] be aware that displaying arbitrary content from untrusted sources poses a severe security risk that Electron is not intended to handle. [...] if your application executes code from an online source, it is your responsibility to ensure that the code is not malicious.

It closes with:

> If your goal is to display a website, a browser will be a more secure option.

@pfraze: Sorry for the wrong impression my first post gave.

@pfrazee
Member

pfrazee commented Jun 30, 2016

@pguth Calling this critical obscures the nature of the issue. Calling it critical makes it sound like there's a known vector to escape the Web API sandbox. That's not the case. The issue is, if there is a vulnerability in the Web API or plugin system, there's no process-level sandbox to contain that failure.

Otherwise, we're in agreement. Before Beaker can be considered a mature browser, it'll need to adopt a process-level sandbox.

@perguth

perguth commented Jul 1, 2016

> Calling this critical obscures the nature of the issue. Calling it critical makes it sound like there's a known vector to escape the Web API sandbox.

Ah, I see.

@pfrazee changed the title from "Chrome Sandbox is disabled in election is this secure?" to "Chrome Sandbox is disabled in electron. Is this secure?" on Sep 29, 2016

@pfrazee
Member

pfrazee commented Sep 29, 2016

Important progress made by electron recently: electron/electron#6919

There may still need to be more work before I can adopt that flag here. Tracking issue: electron/electron#6712

@pfrazee
Member

pfrazee commented May 6, 2020

The process-level sandbox is now enabled

@pfrazee pfrazee closed this as completed May 6, 2020
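
As a companion to the thread's conclusion, here is an added example (not code from Beaker, Electron or any participant) that audits a window configuration for the settings that decide whether untrusted page content is contained by a process-level sandbox. `sandbox`, `nodeIntegration` and `contextIsolation` are Electron `webPreferences` keys; the function names and sample configurations are assumptions constructed for illustration.

```javascript
// Added example: not Beaker's or Electron's code. Runs in plain Node.
// Audits the webPreferences an app would pass to Electron's BrowserWindow
// for the settings that decide whether a renderer showing untrusted web
// content is contained by the process-level sandbox discussed above.

function auditWebPreferences(prefs = {}) {
  const findings = [];
  const add = (key, level, msg) => findings.push({ key, level, msg });

  // sandbox: false disables the Chromium process-level sandbox for the renderer.
  if (prefs.sandbox === false) {
    add('sandbox', 'fail', 'renderer runs without the process-level sandbox');
  } else if (prefs.sandbox === undefined) {
    add('sandbox', 'warn', 'not set; the default depends on the Electron version');
  }
  // nodeIntegration: true hands Node.js APIs to page script, so a Web API
  // bug is no longer needed to reach the operating system.
  if (prefs.nodeIntegration === true) {
    add('nodeIntegration', 'fail', 'page script can reach Node.js APIs');
  }
  // contextIsolation: false lets page script share a JavaScript context
  // with the preload script.
  if (prefs.contextIsolation === false) {
    add('contextIsolation', 'fail', 'page and preload share one JS context');
  }
  return findings;
}

// True only when no setting removes a containment layer outright;
// 'warn' findings (implicit defaults) still pass.
function passesAudit(prefs) {
  return auditWebPreferences(prefs).every((f) => f.level !== 'fail');
}

// Constructed sample configurations (hypothetical, for illustration only).
const samples = {
  unsandboxed: { sandbox: false, nodeIntegration: true },
  implicit: {},
  hardened: { sandbox: true, nodeIntegration: false, contextIsolation: true },
};

for (const [name, prefs] of Object.entries(samples)) {
  console.log(name, passesAudit(prefs) ? 'passes' : 'FAILS');
  for (const f of auditWebPreferences(prefs)) {
    console.log(`  [${f.level}] ${f.key}: ${f.msg}`);
  }
}
```
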