Sandboxing and other mitigations
@DemiMarie previously asked about this:
In the modern threat environment, any browser should come with a strong sandbox and other exploit mitigations, for the safety of its users.
I feel a bit bad about making such a complex feature request on a project such as this, but I also want Ladybird’s security, and its users’ safety, to not rely merely on its small market share. While I have not used SerenityOS or Ladybird, the progress that you have made is impressive, and I do not mean to speak negatively of your accomplishments!
Does any of this change now that Ladybird is its own project targeting mainstream operating systems?
I think the only thing that changes from that previous issue is that Ladybird is now actually trying to be more than a hobby project.
Were there any actionable suggestions, questions or recommendations about security that you wanted to bring up? Otherwise, "Yes, we are thinking about sandboxing, security, and fuzzing" is still the status quo.
@ADKaster Does Ladybird implement site isolation?
With Site Isolation, pages and frames are executed in processes dedicated to their origin.
This is a feature Chromium has had for a long time.
Site isolation
Not currently, no, but it's definitely in the plans. At the moment, we create a web renderer process (WebContent) for each tab in the UI. When we add a navigable to a browsing context, we simply add a new object into that same WebContent process. So each iframe shares a process with its parent. We also don't coalesce same-origin tabs into the same process.
That said, a feature like that is something we'd like to do in the future.
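To make the difference between the two process models concrete, here is an added example (written for this page, not Ladybird's or Chromium's code) that models the process-per-tab layout described above next to a process-per-origin layout of the kind site isolation provides. The `Navigable`, `Origin`, `assign_per_tab` and `assign_per_origin` names, and the sample page set, are hypothetical constructions for illustration; the security point it shows is which documents end up sharing a renderer's address space under each policy.

```cpp
#include <cstdint>
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <tuple>
#include <vector>

// Hypothetical model (added example, not Ladybird code): an origin as scheme/host/port.
struct Origin {
    std::string scheme;
    std::string host;
    uint16_t port;
    bool operator<(Origin const& other) const {
        return std::tie(scheme, host, port) < std::tie(other.scheme, other.host, other.port);
    }
};

// A navigable (a tab's top-level document or an iframe), tagged with its tab and origin.
struct Navigable {
    int tab_id;     // which top-level tab this navigable belongs to
    Origin origin;  // where its document was loaded from
};

// Renderer process identifiers, allocated in order of first use.
using ProcessId = int;

// Policy 1 (the current model described above): one WebContent process per tab.
// Every frame in the tab, including cross-origin iframes, shares that process,
// and same-origin tabs are not coalesced into one process.
std::vector<ProcessId> assign_per_tab(std::vector<Navigable> const& navigables) {
    std::map<int, ProcessId> process_for_tab;
    std::vector<ProcessId> result;
    for (auto const& n : navigables) {
        auto [it, inserted] = process_for_tab.try_emplace(n.tab_id, (ProcessId)process_for_tab.size());
        result.push_back(it->second);
    }
    return result;
}

// Policy 2 (site isolation): a renderer process is dedicated to one origin.
// A cross-origin iframe never shares an address space with its parent document,
// so a memory-safety bug reachable from that iframe cannot read the parent's data;
// same-origin documents from different tabs may share one process.
std::vector<ProcessId> assign_per_origin(std::vector<Navigable> const& navigables) {
    std::map<Origin, ProcessId> process_for_origin;
    std::vector<ProcessId> result;
    for (auto const& n : navigables) {
        auto [it, inserted] = process_for_origin.try_emplace(n.origin, (ProcessId)process_for_origin.size());
        result.push_back(it->second);
    }
    return result;
}

// Number of distinct renderer processes a policy produced.
int distinct_processes(std::vector<ProcessId> const& assignment) {
    return (int)std::set<ProcessId>(assignment.begin(), assignment.end()).size();
}

// True if navigables a and b were placed in the same renderer process.
bool shares_process(std::vector<ProcessId> const& assignment, size_t a, size_t b) {
    return assignment.at(a) == assignment.at(b);
}

// Constructed sample: tab 0 is a bank page embedding a third-party ad iframe,
// tab 1 is the same bank origin again, tab 2 is the bank host over plain http
// (a different origin because the scheme differs).
std::vector<Navigable> sample_navigables() {
    return {
        { 0, { "https", "bank.example", 443 } },  // index 0: tab 0 top-level document
        { 0, { "https", "ads.example", 443 } },   // index 1: tab 0 cross-origin iframe
        { 1, { "https", "bank.example", 443 } },  // index 2: tab 1 top-level document
        { 2, { "http", "bank.example", 80 } },    // index 3: tab 2 top-level document
    };
}

int main() {
    auto navigables = sample_navigables();
    for (auto [name, assignment] : { std::pair{ "per-tab", assign_per_tab(navigables) },
                                     std::pair{ "per-origin", assign_per_origin(navigables) } }) {
        std::cout << name << ": ad iframe shares the bank document's process? "
                  << (shares_process(assignment, 0, 1) ? "yes" : "no")
                  << ", processes used: " << distinct_processes(assignment) << "\n";
    }
    return 0;
}
```

With the sample above, the per-tab policy puts the ad iframe in the bank document's process (and uses three processes), while the per-origin policy gives the iframe its own process and instead lets the two https bank documents share one; both layouts happen to use three processes here, which is a reminder that site isolation changes what each process may contain rather than simply multiplying process count.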
Site isolation is now tracked as #302.
See also #292 re: seccomp for child processes.
Thank you, I think there's no reason to keep this ticket open any longer. I will subscribe to those tickets.