Security Considerations - ChromeDriver - Webdriver for Chrome


Question


I was wondering if anyone had more information on what the specific risks for using chromedriver as was concerned by this statement.


"If possible, run ChromeDriver with a test account that has no access to sensitive local or network data. ChromeDriver should never be run with a privileged account."


Would like to know what the specific risks are when using a privileged account and what if any preventative measures can be taken to protect against them.

Thanks in advance!

Recommended answer


How Google Chrome Browser Works

In the article Chrome Browser Security @STEPHANIE CRAWFORD mentioned, Google has leveraged its power as a search engine by creating its Safe Browsing technology which will automatically warn you if Chrome detects that a site you're visiting contains malware or phishing.


Chrome deploys this security measure through a unique security feature termed Sandboxing. Sandboxing implies separating each process out into independent spaces to see how they function individually. Chrome handles its workload as a series of multiple processes rather than as part of one large browser process. Each time you open a Web page, Chrome launches one or more new processes to run the scripts on that page. Also, each Chrome extension and app runs in its own process. Chrome implements sandboxing through its multi-process architecture. The security advantage in sandboxing comes with Chrome being able to control the access token for each process. The access token for a process allows that process access to important information about your system, like its files and registry keys. Chrome intercepts each access token from the processes launched from the browser, and it modifies that token to limit its access to that information. So, Chrome's sandboxing helps block web pages that try to install malware, capture your personal information or obtain data from your hard drive. The drawback of sandboxing is that it can't catch everything. A sandboxed process might still be able to access less secure file systems. It's also likely to miss protecting registry keys and files managed by third-party software, like a game or chat program that isn't native to the system.


While initiating a WebDriver-controlled Chrome Browsing Context using Selenium, recently we had been advocating the use of a certain command line argument:


  • --no-sandbox: Disables the sandbox for all process types that are normally sandboxed.

See:

  • WebDriverException: unknown error: DevToolsActivePort file doesn't exist while trying to initiate Chrome Browser
  • How to configure ChromeDriver to initiate Chrome browser in Headless mode through Selenium?
  • unknown error: session deleted because of page crash from unknown error: cannot determine loading status from tab crashed with ChromeDriver Selenium


There are a couple more sandbox-related flags available which enable the sandboxed processes to run without a job object assigned to them. This flag is required to allow Chrome to run in RemoteApps or Citrix. This flag can reduce the security of the sandboxed processes and allow them to do certain API calls like shut down Windows or access the clipboard. Also, we lose the chance to kill some processes until the outer job that owns them finishes.

  • --allow-no-sandbox-job: Disables usage of sandbox job.
  • --allow-sandbox-debugging: Allows debugging of sandboxed processes.
  • --disable-gpu-sandbox: Disables the GPU process sandbox.
  • --disable-namespace-sandbox: Disables usage of the namespace sandbox.
  • --disable-seccomp-filter-sandbox: Disable the seccomp filter sandbox (seccomp-bpf) (Linux only).
  • --disable-setuid-sandbox: Disable the setuid sandbox (Linux only).
  • --disable-win32k-lockdown: Disables the Win32K process mitigation policy for child processes.
  • --enable-audio-service-sandbox: enable the audio service sandbox.
  • --gpu-sandbox-allow-sysv-shm: Allows shmat() system call in the GPU sandbox.
  • --gpu-sandbox-failures-fatal: Makes GPU sandbox failures fatal.
  • --no-sandbox-and-elevated: Disables the sandbox and gives the process elevated privileges (Windows only).


Sandbox leverages the OS-provided security to allow code execution that cannot make persistent changes to the computer or access information that is confidential. The architecture and exact assurances that the sandbox provides are dependent on the operating system.


  • Windows implementation principles:
    • Do not re-invent the wheel: It is tempting to extend the OS kernel with a better security model. Don't. Let the operating system apply its security to the objects it controls. On the other hand, it is just okay to create application-level objects (abstractions) that have a custom security model.
    • Principle of least privilege: This should be applied both to the sandboxed code and to the code that controls the sandbox. In other words, the sandbox should work even if the user cannot elevate to super-user.
    • Assume sandboxed code is malicious code: For threat-modeling purposes, we consider the sandbox compromised (that is, running malicious code) once the execution path reaches past a few early calls in the main() function. In practice, it could happen as soon as the first external input is accepted, or right before the main loop is entered.
    • Be nimble: Non-malicious code does not try to access resources it cannot obtain. In this case the sandbox should impose near-zero performance impact. It's ok to have performance penalties for exceptional cases when a sensitive resource needs to be touched once in a controlled manner. This is usually the case if the OS security is used properly.
    • Emulation is not security: Emulation and virtual machine solutions do not by themselves provide security. The sandbox should not rely on code emulation, code translation, or patching to provide security.
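
An added example (not part of the original answer, and not ChromeDriver's or Selenium's own code): a Python pre-flight check for the two risks discussed above, a privileged account and the sandbox-weakening switches from the answer's list. The function name `audit_launch` and the severity labels are assumptions of this example.

```python
import os

# Switches from the answer's list that weaken or disable the Chrome sandbox.
SANDBOX_WEAKENING = {
    "--no-sandbox": "disables the sandbox for all sandboxed process types",
    "--no-sandbox-and-elevated": "disables the sandbox and elevates (Windows)",
    "--allow-no-sandbox-job": "disables usage of the sandbox job",
    "--allow-sandbox-debugging": "allows debugging of sandboxed processes",
    "--disable-gpu-sandbox": "disables the GPU process sandbox",
    "--disable-namespace-sandbox": "disables the namespace sandbox",
    "--disable-seccomp-filter-sandbox": "disables seccomp-bpf (Linux)",
    "--disable-setuid-sandbox": "disables the setuid sandbox (Linux)",
    "--disable-win32k-lockdown": "disables the Win32K mitigation policy",
    "--gpu-sandbox-allow-sysv-shm": "allows shmat() in the GPU sandbox",
}


def audit_launch(chrome_args, euid=None):
    """Return (severity, message) findings for a planned Chrome launch.

    Severity labels are this example's own convention, not Chrome's.
    """
    if euid is None and hasattr(os, "geteuid"):  # geteuid is POSIX only
        euid = os.geteuid()
    privileged = euid == 0
    findings = []
    if privileged:
        findings.append(("high", "running as root: use an unprivileged test account"))
    seen = set()
    for arg in chrome_args:
        if arg == "--":  # Chromium stops parsing switches after a bare "--"
            break
        name = arg.split("=", 1)[0]  # tolerate the --switch=value form
        if name in SANDBOX_WEAKENING and name not in seen:
            seen.add(name)
            # No sandbox plus a privileged account is the worst combination.
            severity = "critical" if privileged else "high"
            findings.append((severity, f"{name}: {SANDBOX_WEAKENING[name]}"))
    return findings


if __name__ == "__main__":
    # Constructed sample: a CI-style launch line run as root in a container.
    sample = ["--headless=new", "--no-sandbox", "--disable-gpu-sandbox"]
    for severity, message in audit_launch(sample, euid=0):
        print(f"[{severity}] {message}")
```

Run it over the argument list before handing it to the driver, and fail the build on any finding rather than logging it.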
