7

I read about Chrome OS in the security section, and I was wondering what the meaning of "sandboxing" that they keep mentioning is. Is this sandboxing like SELinux or AppArmor?

user53427
  • Possibly related: [What is sandboxing?](http://security.stackexchange.com/questions/5334/what-is-sandboxing) – Shadur Aug 14 '14 at 07:41
  • 1. What research have you done? There's lots written about this on the net. We expect you to make a serious effort to answer your own question before asking here. For instance, Wikipedia has [an article on sandboxing](https://en.wikipedia.org/wiki/Sandbox_%28computer_security%29) at the obvious place. If there's a Wikipedia article that largely answers your question, then you haven't done enough research. Same if there's a question here on the site that is easily findable through search (such as the article Shadur pointed you to). – D.W. Aug 14 '14 at 21:07
  • 2. Please stick to one question per question. You currently have two questions: "what does sandboxing mean for Chrome OS?" and "is Chrome OS more secure than CentOS". That is not appropriate. Also, the latter question is too broad and too subjective to be a good fit. – D.W. Aug 14 '14 at 21:08
  • Chrome (the browser) uses Linux namespaces and seccomp/BPF system call restrictions to run native processes in unescapable and restricted containers. These processes can do many computations but can't directly access any user data or system APIs. Users can, via interacting with Chrome's UI, provide means for data to cross the sandbox (e.g. uploading or downloading files). I'd assume Chrome OS relies on the same principles though some implementation details will differ. – Steve Dodier-Lazaro Aug 15 '14 at 16:04

2 Answers

11
  • Google Chrome OS is a Linux-based operating system on which Chrome is the browser; it focuses on the use of Google's online applications (Google Drive, YouTube ...). It is the direct competitor of Microsoft's Windows OS.
  • CentOS is also a Linux-based operating system, but unlike Chrome OS, which runs on mobiles, CentOS is widely used for servers.
  • Sandboxing is a concept that you see frequently in Chrome OS because it is the commercial version of the free and open source project Chromium OS, which relies on a sandboxing mechanism. Sandboxing, in very simple terms, is related to security, especially to preventing malware from affecting the OS. You can, for example, visit a website with the browser of Chromium OS: if the URL hosts JavaScript malware (a drive-by download attack), there is no chance for the malware to affect your OS, given the sandboxing principle, which is better explained here:

The sandbox is a C++ library that allows the creation of sandboxed processes — processes that execute within a very restrictive environment. The only resources sandboxed processes can freely use are CPU cycles and memory. For example, sandboxed processes cannot write to disk or display their own windows. What exactly they can do is controlled by an explicit policy. Chromium renderers are sandboxed processes.

AppArmor and SELinux have the same goals as the sandboxing notion, but the principle of their functioning is different. Mainly, sandboxing does not allow its security boundaries to be breached, unlike the other two pieces of Linux software.

  • Your answer is good. I just tried to simplify everything a bit more to match the OP's apparent knowledge level. I also included more information about how sandboxing works in ChromeOS. – trlkly Aug 14 '14 at 09:59
  • @trlkly You simplified the explanation of several tricky details through your answer. Thank you for being generous. –  Aug 14 '14 at 12:42
  • Is sandboxing unique to Chrome OS, or does it also apply to all Linux distros? Which is more secure, CentOS or Chrome OS? – user53427 Aug 14 '14 at 14:07
  • @user53427 No, sandboxing is not unique to Chrome OS: most of the browsers you use every day have sandboxing mechanisms implemented in their core to prevent malicious JavaScript attacks that target the browsers. For your second question: CentOS is dedicated to servers whereas Chrome OS is pre-installed on netbooks, so this means CentOS is far more robust and secure, as it is meant to run a wide range of applications on the Internet, unlike Chrome OS. –  Aug 14 '14 at 14:21
  • It's not correct to say that AA and SELinux have the same goals as sandboxing models, as they do not account for contextual access to data at all; they have static policies. In fact they're a very poor fit for e.g. a desktop sandboxing mechanism (but good if adapted for e.g. completely isolated compartments such as the SELinux-sandbox). – Steve Dodier-Lazaro Aug 15 '14 at 16:02
6

A sandbox is like a special "section" of your computer that has been blocked off from accessing the rest of your computer. In a perfect sandbox you can do anything you want within it, but it will not affect the rest of your computer. This is used as a form of security, keeping any malware you might download from being able to affect the rest of your computer. It can only affect the sandbox.

The name "sandbox" comes from the idea that everything inside of it is not permanent. At any point, you can reset the sandbox back to where it was. Everything is built out of sand.

What ChromeOS does is apply sandboxing to every application and plugin process it runs. Each process is put into two different sandboxes. The first sandbox is the SETUID sandbox, which gives each application a place on the disk that it cannot leave. The rest of the disk cannot be affected. The second sandbox is referred to as seccomp-bpf, and it protects the operating system itself from being messed with.

SELinux and AppArmor are mostly similar to SETUID, in that they primarily protect the disk rather than the OS itself. However, they do not work using a sandboxing principle. Instead, they attempt to catch the process "in the act" of doing something wrong, and prevent it from working.

As for ChromeOS versus CentOS, they are just very different things. CentOS is just a conventional Linux operating system, based on Red Hat. It is a full operating system that can be used for a variety of purposes. ChromeOS, on the other hand, is a modified Linux operating system designed specifically for consumers and low-powered laptops. It uses an Internet-based computing model, with all applications running on top of a web browser.

ChromeOS may be more secure out-of-the-box than CentOS, but it's also much more limited in what it can do. And you can configure CentOS to use the same protections that ChromeOS uses if you want. Or you can employ other security measures, some better, some worse.

trlkly
  • +1 for the last paragraph. ChromeOS only competes with Windows\OSX\Conventional Linux for the subset of users who only use their computer to run a web browser. – Dan Is Fiddling By Firelight Aug 14 '14 at 13:47
  • SELinux and AA are not about "protecting the disk rather than the OS", they're MAC and are very very good at protecting the OS and protecting users from one another. Sandboxing also has nothing to do with "catching a process in the act" as seen w/ seccomp-based sandboxes or Capsicum which can be used for sandboxing and actually block/redirect syscalls at runtime, or with control-flow-integrity sandboxes (e.g., libdetox). – Steve Dodier-Lazaro Aug 15 '14 at 16:06
  • They actually stop actions before they happen, rather than let them go ahead and happen but not affect anything, which is what a sandbox does. If the calls are actually blocked, it's not sandboxing. And everything I've read about them indicate they do not work on the kernel level. I know ChromeOS originally did not use it to protect the kernel. – trlkly Aug 16 '14 at 08:18
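As an added illustration of the seccomp-bpf layer that Steve Dodier-Lazaro's comment and trlkly's answer both mention, here is a small C program written for this page (it is not code from the Stack Exchange posts or from Chromium/Chrome OS). It forks a child, installs a minimal seccomp-bpf allowlist in that child, and then shows that a syscall which is not on the list fails with EPERM while an allowed one keeps working. The allowlist, the `openat()` probe, the `/etc/hostname` path and the exit codes are constructed for the demonstration; Chromium's real policies are far larger and differ per process type.

```c
/* Added example: a minimal seccomp-bpf allowlist applied in a forked child.
 * Not Chromium code; the syscall set and the probe below are constructed. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* The filter must check the audit arch: syscall numbers differ between
 * architectures, so an allowlist only makes sense for one of them. */
#if defined(__x86_64__)
#  define DEMO_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define DEMO_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#  error "add the AUDIT_ARCH_* value for this architecture"
#endif

#ifndef SECCOMP_RET_KILL_PROCESS
#  define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL  /* older headers */
#endif

/* If the loaded syscall number equals nr, return ALLOW; otherwise skip. */
#define ALLOW_SYSCALL(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Install the allowlist: only what the child still needs to report and
 * exit. Everything else fails with EPERM (constructed policy). */
static int install_filter(void)
{
    struct sock_filter filter[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_AUDIT_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW_SYSCALL(__NR_write),
        ALLOW_SYSCALL(__NR_exit),
        ALLOW_SYSCALL(__NR_exit_group),
        ALLOW_SYSCALL(__NR_getpid),
        /* Default: fail with EPERM instead of killing, so the child can
         * observe the denial and report it. */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };
    /* Required before an unprivileged process may install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Runs in the child. Exit codes: 0 = off-list call denied with EPERM,
 * 1 = it unexpectedly succeeded, 2 = the filter could not be installed. */
static int sandboxed_child(void)
{
    if (install_filter() != 0)
        return 2;
    if (getpid() <= 0)          /* on the allowlist: still works */
        return 1;
    errno = 0;                  /* not on the allowlist: must fail */
    long r = syscall(__NR_openat, AT_FDCWD, "/etc/hostname", O_RDONLY);
    if (r >= 0)
        return 1;
    return errno == EPERM ? 0 : 1;
}

/* Fork, sandbox the child, return its exit code (see sandboxed_child),
 * or -1 if fork/wait failed or the child was killed by a signal. */
int run_sandbox_demo(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(sandboxed_child());
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    static const char *meaning[] = {
        "denied with EPERM (filter working)",
        "call succeeded (filter not effective)",
        "filter could not be installed (seccomp unavailable?)",
    };
    int r = run_sandbox_demo();
    if (r < 0 || r > 2) {
        printf("demo failed: %d\n", r);
        return 1;
    }
    printf("openat() in sandboxed child: %s\n", meaning[r]);
    return r == 0 ? 0 : 1;
}
```

Build on Linux with `cc -o seccomp_demo seccomp_demo.c` and run it unprivileged. The parent process is never filtered, which mirrors how a browser keeps its privileged broker outside the sandbox; only the child's view of the kernel shrinks. The arch check at the top of the filter matters because, without it, the allowlist would be compared against syscall numbers from a different table and would not mean what the policy author intended.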