Comments on: Web browsers, security and Google Chrome

By: Ulisses Castro Security Labs » Blog Archive » Google Chrome + SE Linux = Navegador Blindado

Fri, 05 Mar 2010 07:27:27 +0000

[...] do SE Linux já blogaram sobre essa possibilidde, Russel Cocker (debian/redhat), Dan Walsh(redhat), Joshua Brindle(tresys) comentaram em seus blogs essas semanas sobre esse assunto e eu não poderia deixar de [...]

By: chromebook information

chromebook information — Fri, 08 Jan 2010 20:14:10 +0000

Thanks, been wondering about this, Google has some good tricks up their sleeves.

By: Spencer

Spencer — Mon, 22 Sep 2008 13:19:42 +0000

One more thing.

Safari 4 has this menu item called “Save As Web Application”. Using this option basically causes Safari to create a fork of some binaries (aka our entrypoint) and configs. Then when you run your My Space web application and it crashes and burns due to some miscoded flash it won’t take out the all important Google Reader web application.

The point here is that Safari already has some slick, easy to implement, infrastructure in-place that could really make MAC separation for browser sessions easy to use take advantage of… the other browsers should pick up on it.

By: Philip

Philip — Thu, 18 Sep 2008 13:32:44 +0000

oops, borked that anchor tag. my bad.

By: Philip

Philip — Thu, 18 Sep 2008 13:20:53 +0000

Great post. You might also want to check out the done @ UIUC by Grier, Tang and King. Chrome is similar in principle (decomposing the browser into separate address spaces) but the OP Browser seems to take the decomposition a bit further. The OP paper claims the use of SELinux for sandboxing their subsystems but they don’t publish their policy

By: Spencer

Spencer — Wed, 03 Sep 2008 14:03:48 +0000

You discussed labeling websites and IPs. SELinux already labels IPs but its use in access controls is weak at best and susceptible to spoofing etc. But networking protocols, routing, etc provide some level of protection in that respect. Today we have packet labeling, labeled connections, and IP Sec.

I think you will agree traditional DNS is even a less reliable source for determining labels and making access decisions. If you think about it though the common use case is probably placing a intranet or “mission apps” in one security domain and the Internet in another security domain. So perhaps an enterprise could implement DNSSEC and place all non-signed domains in one “internet_website_t” and signed/DNSSEC, internal domains in “internal_website_t”.

Ignoring other issues like using a different server to resolve or even entering the IP address by hand, the DNS query resolves to an IP. So we’re back to labeling based on IP.

Maybe we could use SSL certs to determine the domain for the individual chrome processes. Let’s assume a simple case: Chrome is given a list of certs for servers that should run “internal_website_t”. When the user requests a page Chrome establishes the connection, does the handshake and key exchange and then setexecon/fork/execs in “internal_website_t”. If there is no cert or the connection isn’t using ssl it ends in internet_website_t.