If you look at the information pages that Apple has on the security of the Safari browser, you'll see that they say that Safari and its associated plugins execute inside of a sandbox, where requests from code running in the browser are limited to a predefined set of resources. Note: I'm not interested in getting into a discussion here about what is more secure, closed-source or open-source, so please let's leave that discussion from this thread. This makes complete sense not only for Apple protecting their intellectual property, but you could argue in some sense for the security of all of us using the browser software to connect online. Of course I understand that when it comes to a proprietary piece of software - especially something as important as an web browser - you're not going to be able to get down into the source code. What I meant was that I wouldn't shy away from a very technical answer. Perhaps I should clarify what I meant by " So basically what I'm looking for here are not only general answers and references but some really low level technical details if you have them." I'm coming here because the hour or so of internet surfing didn't really yield anything of much value. So basically what I'm looking for here are not only general answers and references but some really low level technical details if you have them. To give you all some background on myself, I am currently studying for a Master's in IT security from an established engineering program. How exactly does the Safari browser "sandbox" secure the operating system from running exploit code ? I know that the sandboxing feature basically limits the OS system calls and directory access of itself or its associated plugins, but are there any further protections in the case of, say, a buffer overflow in the plugin ? By that I mean, if exploit code is allowed to be crunched through the processor, is there any special level of "privilege" assigned to the resulting processes that would protect you from root-privilege level attacks ? If so, please link me in the right direction. This is my first question on Apple Communities forums, so forgive me if I'm repeating a question.
0 Comments
Leave a Reply. |