Tuesday, July 21, 2009

A comment on sandboxing and web security

In "What I Want In Firefox (Parrot)", Ovid expresses his desire for Perl 6 scripting functionality, with the caveat "if the sandbox is secure enough".

Aha, there's your problem.

The Firefox developers clearly didn't have sandboxing in mind when they designed the browser. Scripts are essentially free to do what they wish, at least with the DOM, and they can also reach many central browser functions, plus a bunch of things we really don't want exposed to security vulnerabilities.

Another problem is that JavaScript is fundamentally entrenched in Firefox; too much of Firefox's internals is built on JavaScript, and I suspect that a Perl 6 addition would work only so-so at best, even if that hypothetical secure sandbox existed.

Oh, and BTW: the example commits one of the great no-nos of web programming: pushing server-side security into the browser. A check that runs in the browser can be skipped by anyone who talks to the server directly, so as seen from the server's point of view it is essentially no security at all.
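To make that concrete, here is an added example (it is not code from Ovid's post or from this blog; the handlers, request shapes, field names and limits are all hypothetical). It puts a browser-side check next to a server handler that trusts it, and next to one that re-validates on the server, then feeds both handlers a request that was forged with something like curl and never saw the page script:

```javascript
// Added illustration, not code from the original post. The handlers, request
// objects and limits are hypothetical; they exist only to show why a check that
// runs in the browser gives the server no protection.

// The browser-side check a page script might run before submitting a form.
// Fine for user feedback, worthless as a security control: the attacker
// simply does not run it.
function clientSideCheck(form) {
  return Number.isInteger(form.amount) && form.amount > 0 && form.amount <= 1000;
}

// Naive server handler: assumes every request came through the form, so it
// never re-checks the amount. Anyone with an HTTP client can POST what they like.
function naiveTransferHandler(req, balance) {
  const amount = Number(req.body.amount);
  return { status: 200, newBalance: balance - amount };
}

// Server-side validation: the only check that actually binds the attacker.
// Accepts a whole number in 1..1000 given as a number or a plain decimal string
// without leading zeros; rejects negatives, decimals, exponent notation,
// NaN and anything that is not a number or string at all.
function validateAmount(raw) {
  if (typeof raw !== "number" && typeof raw !== "string") return null;
  const text = String(raw);
  if (!/^[1-9][0-9]{0,3}$/.test(text)) return null;
  const n = Number(text);
  if (n > 1000) return null;
  return n;
}

// Hardened server handler: validates the amount itself and checks funds.
function secureTransferHandler(req, balance) {
  const amount = validateAmount(req.body.amount);
  if (amount === null) return { status: 400, newBalance: balance };
  if (amount > balance) return { status: 403, newBalance: balance };
  return { status: 200, newBalance: balance - amount };
}

// Constructed requests (not real traffic). The first is what the browser form
// would send after clientSideCheck; the second is a forged POST that bypassed it.
const fromBrowser = { body: { amount: 50 } };
const forged = { body: { amount: "-1000" } };

const results = {
  naiveBrowser: naiveTransferHandler(fromBrowser, 100),   // 50 left, as intended
  naiveForged: naiveTransferHandler(forged, 100),         // attacker is credited 1000
  secureBrowser: secureTransferHandler(fromBrowser, 100), // 50 left, as intended
  secureForged: secureTransferHandler(forged, 100),       // rejected with 400
};
console.log(results);
```

The browser-side check stays in the example on purpose: there is nothing wrong with keeping it for usability, as long as the server repeats every check it cares about rather than assuming the request came from its own page.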

Why am I being so negative all of a sudden? Well, it might be sudden for this blog, but I've been working with security-related cleanup and detection in the context of Linux system administration for a few years now. It's not enjoyable, I can tell you, and it definitely colours my perception of these things. Also, I've had a fair bit to do with thinking about security earlier.

Recommended reading (that should be required) for web programmers:

Innocent Code by Sverre H. Huseby (a buddy of mine), ISBN: 978-0470857441

2 comments:

Jakub Narebski said...

Well, JavaScript could also be implemented on top of Parrot. The question is if we would get comparable performance to other last-generation JavaScript engines, like TraceMonkey (Gecko / Firefox), V8 (Google Chrome), SquirrelFish (WebKit, e.g. Safari).

bakkushan said...

Choose one: performance or security. I greatly prefer the second alternative.