- Sep 15, 2008
- 5,049
- 182
- 116
It would be nice if browsers would be chrooted by default when installed. It seems no one can make a secure browser these days. They have no reason to need access to the entire file system. Just need a place to store settings, bookmarks and downloads.
I looked into what it takes to chroot it but it's quite involved. Need to actually try it some day.
No, Chrome still allows access to the filesystem, there is no access control yet.Chrome/Chromium does everything you've mentioned.
No, Chrome still allows access to the filesystem, there is no access control yet.
What is needed is a complete web OS that runs in an access controlled VM.
The renderer and plugin processes shouldn't have access to anything. They have to go through the broker process.
On Windows they run at an untrusted integrity level which cannot access anything.
What needs to happen is that browsers need to be truly sandboxed, like a VM or chroot.