Why don't browsers use sandbox on FreeBSD?

[Pwkepkw]

Firefox gives a message right after the installation, saying that some of the components are not available because they had needed backends. One of them is the sandbox.
Although it doesn't give any message, chromium or iridium doesn't have any sandbox too. chrome:sandbox gives me a blank page.

I'm bit afraid to use a browser that doesn't have a sandbox. Do anybody have the same problem too?

 

[Lamia]

There is little FreeBSD developers can do about that. The orgs that made the browsers need to get their developers to add it into their respective browsers.

A number of them have done so though. Capsicum is a sandbox, if I am correct, and a number of apps now have it integrated into them. The FreeBSD team is also continuously working to get some services run on it.

 

[Pwkepkw]

There is little FreeBSD developers can do about that. The orgs that made the browsers need to get their developers to add it into their respective browsers.

A number of them have done so though. Capsicum is a sandbox, if I am correct, and a number of apps now have it integrated into them. The FreeBSD team is also continuously working to get some services run on it.

So, people who use freebsd as their daily OS, they really use unsandboxed browsers? Isn't it a big security issue?

 

[drhowarddrfine]

Pwkepkw Since NO browser has a sandbox you can use anywhere, what are you using?

Of course, what you are saying isn't true at all.

 

[Lamia]

Running your browser in a virtualbox or a jail is more or less running it in a sandbox.

 

[drhowarddrfine]

Lamia But that's not the subject.

 

[Deleted member 30996]

So, people who use freebsd as their daily OS, they really use unsandboxed browsers? Isn't it a big security issue?

I use FreeBSD as my daily OS and don't consider it an issue. I use the HTTPS Everywhere, NoScript, Privacy Badger, Toggle Referrer, uBlock Origin and User-Agent Switcher extensions for Firefox, run my browser from the usr account only and am not the least bit worried.

 

[Pwkepkw]

Other than running the browser in jail, is it possible to compile browser with capsicum backend?

 

[unitrunker]

1. run it chroot'd
2. run it with super capsicumizer 9000
3. run it in a jail.

https://github.com/myfreeweb/capsicumizer

I'm curious what it would take to get X running in a jail.

Back to the browser - typing 'pgrep iridium' returns 8 or so process ids - so you have some process level sandboxing.

(iridium is a chromium derivative)

 

[olli@]

FWIW, Chrome (and chromium) put each tab in its own, separate process, so this is one level of sandboxing. Furthermore it's probably a good idea to run your browser inside a jail (probably with a different, non-privileged user ID). It's not perfect because it can still access your X server (this will be better with Wayland), but it should be sufficient for most purposes.

 

[hukadan]

I'm curious what it would take to get X running in a jail.

It is not too much work (if by that you mean running an X application in a jail -- here is the HowTo I wrote sometime ago) but as said by olli@ you still have to use X forwarding which reduces a lot the isolation provided by jails. I have been playing with x11/xpra lately in order to get ride of this X forwarding (IIRC, x11/xpra is used by the Subgraph Linux distribution for this very purpose). I still have to find a way to play videos smoothly though.

 

[unitrunker]

This seems like a feature for the window manager. Anything launched from a window manager menu is automatically placed in a jail (or capsicumized or chroot'd). You have *really* isolated desktop environments.

X and Wayland both rely on shared memory to push pixmaps across processes. Otherwise, the pixmaps must be pushed over the wire which is much slower. That may be impacting your videos.

 

[hukadan]

This seems like a feature for the window manager.

Reading further, they use a launcher called Oz and use x11/xpra with Unix Domain Socket (may be a hint since I did not try yet using socket) for X applications.

X and Wayland both rely on shared memory to push pixmaps across processes. Otherwise, the pixmaps must be pushed over the wire which is much slower. That may be impacting your videos.

As a simple user, my knowledge on the subject is not deep enough to even understand your sentence. But at least, I know where to look and read.

 

[ShelLuser]

Features don't keep you safe, your actions do. Unless you;re using that browser as root I don't see how this could cause any issues.

 

[tingo]

I have been playing with x11/xpra lately in order to get ride of this X forwarding

Thanks - I didn't know about xpra. A quite interesting tool.

 

[hukadan]

I use Windows since more than 40 years.....

Windows 1.0 was released in 1985. So unless you are back from the future, you can't have been using it for more than 40 years .

 

[olli@]

I use Windows since more than 40 years.....

Do you mean Microsoft Windows? The first version was released in 1985, so that would be 34 years at most.

I never got any viruses, I have never been hacked in any manner

Let's say you never noticed you've been hacked. You'll never know for sure.

On several occasions I had to fix Windows PCs that had “undefined problems”. Turned out they were hacked and/or malware-infected, without their owner being aware of it. Typically the complaint was that “the internet is slow” or “the HDD lights up all the time”. They had no idea that their PC was sending 10,000 spam mails per minute.

The main things : never run a browser in root mode

More importantly: Don't even log into your machine (or into the X server) as root. Even better, change the root account to have /usr/sbin/nologin as its login shell.

And I personally recommend you to switch to Firefox.

Well, it's purely a matter of taste which browser you use. Personally I dislike Firefox. I use Chromium (Chrome) for most things. For simple web pages that don't require JavaScript I use Dillo, because it is much, much faster than the other browsers, and more secure because it doesn't support JavaScript at all (but unlike lynx or w3m it is a graphical browser that supports CSS with images, tables etc.).

 

[obsigna]

Pwkepkw, what do you expect to see below the given link, namely chrome://sandbox?

I got the most recent versions of chrome 76.0.3809.87 on Mac (German localization) and Windows (Portuguese localization), and I see only:

Mac

Windows

So what?

 

[shkhln]

Why don't browsers use sandbox on FreeBSD?

The actual intellectually honest answer: some things are written against Linux-specific interfaces and it takes time and effort to port (or rewrite) them. There are no other reasons.

The main things : never run a browser in root mode

Protecting root isn't all that important when all your valuable information is stored under your regular user account.

 

[George]

I think Chromium uses the "sandbox" feature, unless you specify the "--no-sandbox" command line option.

https://chromium.googlesource.com/chromium/src/+/master/docs/design/sandbox.md

 

[drhowarddrfine]

The actual intellectually honest answer

The actual answer is that NO browser runs sandboxed unless you, the user, sandbox it. As already stated, browsers sandbox their tabs within the browser. The original question assumes all other operating systems sandbox the browser. The reality is, as I already said, NO operating system does this!

 

[shkhln]

I'm talking about unimplemented features in general, but if you want to pick an internet fight around the definition of the word "sandbox", you sure can.

The actual answer is that NO browser runs sandboxed unless you, the user, sandbox it.

Am I supposed to implement this myself?

As already stated, browsers sandbox their tabs within the browser.

Firefox explicitly doesn't do this. There is a limited pool of content processes.

The original question assumes all other operating systems sandbox the browser.

Nope. The original question talks about pkg info -D firefox message. Go read it.

The reality is, as I already said, NO operating system does this!

Ok.

 

[unitrunker]

There may be some confusion on running a sandboxed app vs.keeping bits of javascript for mucking with other sites.

 

[xtremae]

Although it doesn't give any message, chromium or iridium doesn't have any sandbox too. chrome:sandbox gives me a blank page.

The page is blank because unlike other platforms, neither of those browsers is officially supported on FreeBSD, they are ports. On supported platforms (like Linux), they use platform specific extensions like network and PID namespaces (which if I'm not mistaken were created by Google), seccomp-bpf, SELinux, etc.

 

[Deleted member 9563]

I use Windows since more than 40 years.....

Windows 1.0 came out 32 years ago. (November 20, 1985) Although the first smoothly working version was 3.1 which came out in 1992. (27 years ago)

But yeah, those early versions are kinda fun nowadays. I especially like 3.0 on a TTL monitor - very cool.