沙箱:受控的运行环境 ,不限制CPU和内存
沙箱化进程被禁用了所有系统调用,只能使用浏览器内核API
using-the-google-chrome-sandbox
new-approach-to-browser-security-google
Chrome只把渲染引擎放入沙箱,没有放插件
(In Chromium, the renderer processes are sandboxed and have this protection. Plugins for Chromium do not yet run inside the sandbox, because many are designed with the assumption that they have full access to the local system. Also note that Chromium renderer processes are isolated from the system, but not yet from the web. Therefore, domain-based data isolation is not yet provided).
通过更高级别的浏览器主进程来完成沙盒化进程的功能
A more privileged process can use these channels to do certain actions on behalf of the sandboxed process. In Chromium, the privileged process is usually the browser process.
单独使用沙箱:将进程分为两部分(进程),一部分提供可信服务,另一部分放入沙箱
The sandbox does not have any hard dependencies on the Chromium browser and was designed to be used with other Internet-facing applications. The main hurdle is that you have to split your application into at least two interacting processes. One of the processes is privileged and does I/O and interacts with the user; the other is not privileged at all and does untrusted data processing.