9:32:00 AM
valgeo

Chrome version 20 has been welcome news for Linux users, especially because it introduces a new sandbox concept, which regulates and filters system calls. Linux had so far been left out of the security features and other add-ons in the Chrome browser. Features like confining hazardous plugins such as Flash to a secure sandbox were mainly restricted to the Windows versions.

In February this year, Google introduced Pepper Flash for 64-bit Linux, which primarily isolates the plug-in process and blocks communication with other processes. Fortunately for Linux users, the recently announced Chrome 20 adds a secure computing sandbox.

Seccomp is a security extension for the Linux kernel which restricts the system calls a thread can make. It was originally designed to limit calls to just reading and writing via previously opened file handles (read(), write()) and proper termination (exit(), sigreturn()). If a restricted thread attempts to make any other system call, the kernel terminates it directly. To make it more widely usable, the developers added the ability to have system calls sent to a special broker which checks calls against a list of permitted functions and checks any arguments before forwarding them to the system, The H reports.
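
The original read/write/exit-only behaviour described above can be observed with a few lines of C. This is an added example, not code from the post or from Chrome: it enters seccomp strict mode with prctl() in a forked child and reports whether the kernel killed it. The function name run_strict_child and the outcome codes are this example's own, and a Linux kernel with seccomp support is assumed.

```c
#define _GNU_SOURCE
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcome codes are this example's own names, not kernel constants. */
enum { EXITED_CLEANLY, KILLED_BY_KERNEL, SECCOMP_UNAVAILABLE, HARNESS_ERROR };

/* Fork a child, switch it to seccomp strict mode, have it write() to a pipe
 * opened beforehand, then optionally make a call outside the allowed set. */
int run_strict_child(int make_forbidden_call, char *out, size_t outlen)
{
    int fds[2], status;
    if (pipe(fds) != 0) return HARNESS_ERROR;
    pid_t pid = fork();
    if (pid < 0) return HARNESS_ERROR;
    if (pid == 0) {
        close(fds[0]);
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
            _exit(42);                      /* strict mode not available here */
        if (write(fds[1], "hello", 5) != 5) /* allowed: descriptor already open */
            syscall(SYS_exit, 1);
        if (make_forbidden_call)
            syscall(SYS_getpid);            /* not on the list: kernel sends SIGKILL */
        syscall(SYS_exit, 0);               /* allowed; glibc _exit() would use exit_group */
    }
    close(fds[1]);
    ssize_t n = read(fds[0], out, outlen - 1);
    out[n > 0 ? n : 0] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) != pid) return HARNESS_ERROR;
    if (WIFSIGNALED(status)) return WTERMSIG(status) == SIGKILL ? KILLED_BY_KERNEL : HARNESS_ERROR;
    if (WEXITSTATUS(status) == 42) return SECCOMP_UNAVAILABLE;
    return WEXITSTATUS(status) == 0 ? EXITED_CLEANLY : HARNESS_ERROR;
}

int main(void)
{
    static const char *names[] = { "exited cleanly", "killed by kernel", "seccomp unavailable", "error" };
    char buf[16];
    printf("read/write/exit only: %s\n", names[run_strict_child(0, buf, sizeof buf)]);
    printf("extra getpid() call:  %s (parent read \"%s\")\n", names[run_strict_child(1, buf, sizeof buf)], buf);
    return 0;
}
```

The child ends with the raw exit system call because the C library's usual exit path uses exit_group, which strict mode does not permit.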

According to Google developer Chris Evans, Chrome 20's native 64-bit Flash plug-in is, at least in the current Ubuntu 12.04, isolated within a seccomp sandbox, thus complementing the Pepper Flash sandbox.