With two recent commits by deraadt@, it is now possible to find in ps(1)'s STAT column which processes have unveiled (u/U), much like the existing support for pledge (p). In addition to that, a new '-o pledge' keyword was added to show a comma-separated list of active pledges.
With this you can clearly see the 'U' unveil installed/locked state of the chrome processes, in addition to the active pledges for the different chromium process types (main/renderer/gpu).
By comparison, here's Firefox. You can see only two process types, the main browser process and two content processes. And due to not being privsep from the start, the pledges are incredibly broad and do not afford you as much protection as with chromium. Also note, no unveil(2).
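A defender-side audit of the kind of listing the two posts above describe, as an added example that is not code from the thread, from OpenBSD or from either browser project: it parses a constructed `ps -axo pid,stat,pledge,command` listing (assumed column order and a "-" for no pledge, both assumptions) and flags processes that lack pledge, lack unveil, have unveil installed but not locked, or carry pledges I treat here as broad (`proc`, `exec`; my choice, not the thread's).

```python
import re
from dataclasses import dataclass

# Constructed sample of `ps -axo pid,stat,pledge,command` (assumed column
# order, not a real capture). STAT flags as described in the thread:
# 'p' = pledged, 'u' = unveil installed, 'U' = unveil installed and locked
# (the u/U split is an assumption). "-" in PLEDGE is assumed to mean none.
SAMPLE_PS = """\
  PID STAT PLEDGE                                          COMMAND
    1 Is   -                                               /sbin/init
 8421 SpU  stdio,rpath,wpath,cpath,inet,dns                chrome --type=browser
 8433 SpU  stdio,rpath,inet,recvfd,sendfd                  chrome --type=renderer
 8440 Sp   stdio,rpath,drm                                 chrome --type=gpu-process
 9100 Ip   stdio,rpath,wpath,cpath,inet,dns,proc,exec,tty  firefox
 9115 Sp   stdio,rpath,wpath,cpath,inet,recvfd,sendfd,proc firefox -contentproc
 9200 S    -                                               /usr/local/bin/some-daemon
"""

BROAD_PLEDGES = ("proc", "exec")  # promises that widen the attack surface most

@dataclass
class Proc:
    pid: int
    stat: str
    pledges: list
    command: str

    def pledged(self):       return "p" in self.stat
    def unveiled(self):      return "u" in self.stat or "U" in self.stat
    def unveil_locked(self): return "U" in self.stat

def parse_ps(text):
    """Parse the listing; COMMAND may contain spaces, so split at most 3 times."""
    procs = []
    for line in text.splitlines()[1:]:          # skip the header row
        if not line.strip():
            continue
        pid, stat, pledge, command = line.split(None, 3)
        pledges = [] if pledge == "-" else pledge.split(",")
        procs.append(Proc(int(pid), stat, pledges, command))
    return procs

def audit(procs, name_pattern):
    """Map pid -> list of sandbox gaps for commands matching name_pattern."""
    findings = {}
    for p in procs:
        if not re.search(name_pattern, p.command):
            continue
        issues = []
        if not p.pledged():
            issues.append("no pledge")
        if not p.unveiled():
            issues.append("no unveil")
        elif not p.unveil_locked():
            issues.append("unveil not locked")
        issues += [f"broad pledge: {b}" for b in BROAD_PLEDGES if b in p.pledges]
        findings[p.pid] = issues
    return findings
```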
The Firefox sandbox on Windows lacks site isolation, but it's a better implementation with a compositor process and GPU process among other differences. It also doesn't have the issues tied to infrastructure like X11 and pulseaudio not being designed to support app sandboxing.