Allow electron renderers to be run inside chromium sandbox #6712
Comments
This is needed by a few special projects and as far as I know some organizations are already doing this in their own forks. But moving Electron's API stack from Node is too ambitious; a more practical way is to provide a very small set of APIs under sandbox to allow communicating with the main process. |
Do you mean by providing an implementation of I think this would be a good start, but what would be even better is to completely decouple electron's renderer API from node.js, to make it fully useable not only with nodeIntegration enabled but also in a sandboxed renderer. In other words, nodeIntegration would simply add node.js APIs to the renderer, but it would not be required to access electron's APIs. In any case, having a simple implementation of |
@sindresorhus will you elaborate on your thumbs down? I'm curious to know your perspective here. |
Hi @tarruda I'm willing to get the crash-reporter working in sandboxed renderers. |
Not by design, I simply left this for later (Feel free to take this task) |
I think that this will create a pretty massive maintenance burden; I'd rather enable simple IPC and leave it at that. |
Need to add access to webFrame in sandbox_renderer, or any other way to interact with webFrame when using sandbox_renderer. |
A +1 to what @dregenor said. We need the webFrame (or similar) in the preload so that we can call |
I also need access to |
@tarruda Hi, I'm currently working on a project using Electron where we want to render a webpage on a BrowserWindow and I'm trying to figure out which is more secure (prevent remote content from accessing Node or other APIs, plus standard security like the chromium sandbox).
Which option is more secure? |
Electron sandbox is not very secure since the renderer has full system access via IPC (plus no context isolation yet). I can't say which is more secure, but I definitely wouldn't recommend loading untrusted content into Electron. |
@jack-mo there's actually a great documentation page about these options available here: https://electron.atom.io/docs/api/sandbox-option/ (it's a bit buried at the moment, only accessible via a link from the |
@tarruda what's the benefit of using |
@tarruda I read there brave/muon#165 that you have made some progress on the support of |
With With If this is considered a benefit, depends on POV. Personally I don't like the idea of node.js running in the same process where untrusted code is executed, since bugs in node.js could increase the attack surface. |
The top 2 commits of this branch enable sandbox for webview as well as As far as I can see, the main problem with that branch is that it relies on Chromium internals (casting to |
@tarruda According to documentation,
Is there a dedicated issue I can track to check on the progress of this item? Thank you! |
@tarruda is this still being worked on? |
@codebytere Not currently, these tasks still must be done. If required I can close the issue and track them somewhere else. |
Is sandboxing still only an option for the entire app, not just webviews? This documentation seems to imply that sandboxing a webview is possible, but it's not clear:
|
I second @mhuggins; the documentation implies that sandboxing is possible for webview. |
I believe all this work has already been done. Feel free to create follow-up issues in case there is something missing. |
Progress on supporting sandbox in electron started in #6919, but the remaining work will be done by future PRs. This issue will be used to track progress on all relevant tasks.
- sandbox option to webPreferences of BrowserWindow. (Add sandbox option and support native window.open #6919)
- window.open API in sandboxed renderers. (Add sandbox option and support native window.open #6919)
- AtomRendererClient into a base class that is also shared by AtomSandboxedRendererClient.
- sandbox option to <webview> tag.
- lib/renderer/ and lib/common. The goal is to support the full electron API in sandboxed renderers.