From 210e13021dc12e11a8bea0d14e21dcfd1fec4681 Mon Sep 17 00:00:00 2001 From: sose Date: Wed, 28 Apr 2021 07:37:22 +0000 Subject: [PATCH] Update 'readme.md' --- readme.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/readme.md b/readme.md index 2866435..05ac495 100644 --- a/readme.md +++ b/readme.md @@ -60,17 +60,17 @@ debian, other - Obviously, executing arbitrary Javascript from around the web is never going to be completely safe, however the following steps have been taken to ensure the saftey of the host machine: - - All websites have a maximum time in which they have to load their + - All websites have a maximum time in which they have to load their content (default 2s) and execute any scripts (default 2s) - - When running outside of a Docker container, all renderer processes + - When running outside of a Docker container, all renderer processes will be run inside the Chromium sandbox (https://github.com/chromium/chromium/blob/master/docs/linux/sandboxing.md) - - When running inside of a Docker container, the entire program is + - When running inside of a Docker container, the entire program is running inside a Docker container (as an unprivileged user). - - Nodejs integration is disabled in all renderer processes - - Context isolation is enabled in all reneder processes - - Any request for browser permissions is automatically denied - - Any request to create a new window is automatically denied + - Nodejs integration is disabled in all renderer processes + - Context isolation is enabled in all reneder processes + - Any request for browser permissions is automatically denied + - Any request to create a new window is automatically denied - Essentially, in theory, the machine hosting hellgate should not be at any more risk than a regular web broser. However, security vulnerabilities exists, and no software is perfect, not Docker, not Chromium, not Linux not