Update 'readme.md'
This commit is contained in:
parent
6fff5c3cb8
commit
210e13021d
14
readme.md
14
readme.md
|
|
@ -60,17 +60,17 @@ debian, other
|
|||
- Obviously, executing arbitrary Javascript from around the web is never going
|
||||
to be completely safe, however the following steps have been taken to ensure
|
||||
the saftey of the host machine:
|
||||
- All websites have a maximum time in which they have to load their
|
||||
- All websites have a maximum time in which they have to load their
|
||||
content (default 2s) and execute any scripts (default 2s)
|
||||
- When running outside of a Docker container, all renderer processes
|
||||
- When running outside of a Docker container, all renderer processes
|
||||
will be run inside the Chromium sandbox
|
||||
(https://github.com/chromium/chromium/blob/master/docs/linux/sandboxing.md)
|
||||
- When running inside of a Docker container, the entire program is
|
||||
- When running inside of a Docker container, the entire program is
|
||||
running inside a Docker container (as an unprivileged user).
|
||||
- Nodejs integration is disabled in all renderer processes
|
||||
- Context isolation is enabled in all reneder processes
|
||||
- Any request for browser permissions is automatically denied
|
||||
- Any request to create a new window is automatically denied
|
||||
- Nodejs integration is disabled in all renderer processes
|
||||
- Context isolation is enabled in all reneder processes
|
||||
- Any request for browser permissions is automatically denied
|
||||
- Any request to create a new window is automatically denied
|
||||
- Essentially, in theory, the machine hosting hellgate should not be at any
|
||||
more risk than a regular web broser. However, security vulnerabilities
|
||||
exists, and no software is perfect, not Docker, not Chromium, not Linux not
|
||||
|
|
|
|||
Loading…
Reference in New Issue