CEF Forum

Hi people,

According to this: http://www.chromium.org/developers/desi ... d-plug-ins

The renderer process is a restricted/sandboxed process:

"In each of the multi-process architectures, Chromium's renderer processes are executed within a sandboxed process that has limited access to the user's computer. These processes do not have direct access to the user's filesystem, display, or most other resources. Instead, they gain access to permitted resources only through the browser process, which can impose security policies on this access. As a result, Chromium's browser process can mitigate the damage that an exploited rendering engine can do."

I'm using Xilium.CefGlue/Cef3.
Knowing this, how come that I can still load a image or file from a RenderProcessHandler, which supposedly run in the render process? I really like the freedom I have in the render process, but I'd really like to know why is it so, when the Chromium documentation states a different point of view.

Thanks
Balazs

That might depend on how you initialize CEF. The sandbox is optional, see https://bitbucket.org/xilium/xilium.cef ... ult#cl-211

Best regards,
JornH

I'm looking at current CEF Glue code for ExecuteProcess and see signature: public static int ExecuteProcess(CefMainArgs args, CefApp application, IntPtr windowsSandboxInfo)

But I don't see how to create sandboxInfo. I don't see any methods exposed to support creating, I expected to see: CefScopedSandboxInfo

Does this mean there is currently no sandbox support in XiliumGlue/CefGlue?

Lynn