Sandbox NPAPI

Brett Wilson brettw at google.com
Wed Feb 2 18:26:10 PST 2011


On Wed, Feb 2, 2011 at 6:20 PM, Maciej Stachowiak <mjs at apple.com> wrote:
>
> On Feb 2, 2011, at 6:10 PM, Jethro Villegas wrote:
>
>> Yes, we'd like the flexibility to choose what we broker and not have multiple pass-through functions in NPAPI. I do think we'll need an API for the process spawning so that the process is a child of the browser (and not the plug-in which would be running low-privilege.)
>
> Is there a reason the plugin can't spawn the broker before entering the sandbox, while it still has high privileges? As far as we can tell, this would work fine, even in Chrome's sandboxing model.

I'm not an expert on this stuff, but on Linux Chrome at least, the
child processes are all forked off of the same "zygote" process after
entering the sandbox. I don't know if this is required or is just an
optimization.

Brett


More information about the plugin-futures mailing list