Talk:Site isolation


Did you know nomination

The following is an archived discussion of the DYK nomination of the article below. Please do not modify this page. Subsequent comments should be made on the appropriate discussion page (such as this nomination's talk page, the article's talk page or Wikipedia talk:Did you know), unless there is consensus to re-open the discussion at this page. No further edits should be made to this page.

The result was: promoted by AirshipJungleman29 talk 01:30, 31 January 2024 (UTC)

Created by Sohom Datta (talk). Self-nominated at 19:43, 30 December 2023 (UTC). Post-promotion hook changes for this nom will be logged at Template talk:Did you know nominations/Site isolation; consider watching this nomination, if it is successful, until the hook appears on the Main Page.

  •   Article is new enough, long enough, QPQ done, sourcing is good, prose is good. No copyvio that I notice. I think hooks need a little work; the primary one I found too difficult to understand (I hadn't heard of site isolation before reading the article).
What do you think of this: ALT3: ... that adding the browser security feature site isolation made Google Chrome use 10% more RAM? toobigtokale (talk) 03:36, 29 January 2024 (UTC)
ALT3 Seems good to me :) Sohom (talk) 06:36, 29 January 2024 (UTC)
  Approved for ALT3. toobigtokale (talk) 11:07, 29 January 2024 (UTC)

Jargon


This article can greatly benefit from defining what it means by 'site', 'cross-origin site' (the latter probably should be changed to something like 'cross-origin web page', as it doesn't refer to site in the sense of origin) and 'instance' (which refers to a renderer instance like a tab or window and not a browser instance). See also https://www.chromium.org/developers/design-documents/site-isolation/ --PaulT2022 (talk) 22:54, 3 February 2024 (UTC)

Also, "The singular rendering process would engage with other privileged services when necessary to execute elevated actions when viewing a web page." is incorrect per the Chromium link above ('Chrome made an effort to place pages from different web sites in different renderer processes when possible') and the 2013 paper referenced in the article (see table on p.80). It should be something like 'singular per rendered web page'. PaulT2022 (talk) 00:23, 4 February 2024 (UTC)
@PaulT2022 If you take a look at "Project progression" of the same link it mentions that the vast majority of traditional navigations (link-clicks, every other interaction) would lead to the renderer process being shared between origins. While the mechanism to separate sites did exist, it wasn't used very much/at all; site isolation forced the architecture to be process per renderer by default.
Regarding the confusion wrt 'site', the Chrom(e|ium) definition refers to eTLD+1 separation, whereas Reis 2009 and Firefox use the complete origin as a site identifier. I do agree that the article is lacking some nuance in that area, and I'll see how I can add it without adding more jargon (which is hard) :) Sohom (talk) 08:26, 4 February 2024 (UTC)
"it wasn't used very much/at all, site isolation forced the architecture to be process per renderer by default" – I don't believe this was the case. Chromium used isolated renderer processes for each website from the beginning ("it swapped renderer processes for cross-site navigations that were initiated in the browser process (such as omnibox navigations or bookmarks)"). According to the 2013 paper, other browsers were too by 2013. The issue was that iframes embedded in the page were rendered by the same process, and the process was re-used when navigating to another site, which resulted in scripts potentially having access to the same memory that was used to render a page from another origin previously. PaulT2022 (talk) 14:31, 4 February 2024 (UTC)
@PaulT2022 I agree with what you are saying, I'm not disputing that new renderers were created for bookmark and omnibox navigations. However, that does not account for a vast majority of navigations on the web (how many times do you search a specific thing in a new tab (creates a new process) vs click on a link (reuses renderer processes)). Using the process-per-rendering-instance model for 2% of navigations and process-per-browsing-instance model for the rest does not change the fact that the predominant model is still process-per-browsing-instance. Sohom (talk) 16:05, 4 February 2024 (UTC)
I agree with this (although not quantitatively with 2%, as it's a new process for each address bar navigation/search as well).
All I'm saying is that it isn't evident from the text, especially to someone not familiar with the background, that 'singular' means process-per-browsing-instance. PaulT2022 (talk) 16:16, 4 February 2024 (UTC)
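An added illustration of the three process models debated in this thread (example code, not from the article or either editor): it keys the frames of one page by browsing instance, by Chromium-style site (scheme plus eTLD+1) or by full origin, and reports which frames would share a renderer under each model. The public suffix list is stubbed with a few constructed entries, and the sample page is constructed.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the public suffix list (assumption; a real
# implementation would consult the full list).
PUBLIC_SUFFIXES = {"com", "org", "co.uk", "github.io"}

# Constructed sample: a top-level document with two iframes, one same-site
# but cross-origin, one cross-site.
PAGE = ["https://news.example.com/",
        "https://ads.example.com/frame",
        "https://bank.example.org/widget"]

def origin(url):
    """Full origin: scheme, host and port (RFC 6454)."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}[parts.scheme]
    return f"{parts.scheme}://{parts.hostname}:{port}"

def site(url):
    """Chromium-style site: scheme plus registrable domain (eTLD+1)."""
    parts = urlsplit(url)
    labels = parts.hostname.split(".")
    # walk suffixes from the left; the first match is the public suffix,
    # and one more label to its left gives the registrable domain
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            start = max(i - 1, 0)
            return f"{parts.scheme}://{'.'.join(labels[start:])}"
    return f"{parts.scheme}://{parts.hostname}"

def assign_processes(frames, model):
    """Group frame URLs by renderer process under the given model.

    'browsing-instance': one renderer for the whole page (pre-isolation default)
    'site': Chromium site isolation (scheme + eTLD+1)
    'origin': per-origin isolation
    Returns {process_key: [urls]}.
    """
    key = {"browsing-instance": lambda u: "renderer-0",
           "site": site, "origin": origin}[model]
    procs = {}
    for url in frames:
        procs.setdefault(key(url), []).append(url)
    return procs

def shares_process(frames, model, a, b):
    """True if frames a and b would share one renderer's memory under model."""
    return any(a in urls and b in urls
               for urls in assign_processes(frames, model).values())
```

Under 'browsing-instance' the bank iframe shares a renderer with the top document; under 'site' only the two example.com frames share one; under 'origin' every frame gets its own.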

GA Review

This review is transcluded from Talk:Site isolation/GA1.

Reviewer: RoySmith (talk · contribs) 17:04, 4 March 2024 (UTC)

@Sohom Datta: starting review. RoySmith (talk) 17:04, 4 March 2024 (UTC)

  • "following the release of the Spectre and Meltdown vulnerabilities to the public", that's an odd way to phrase it. You "release" software. I think what you meant here is "disclosure" or something similar.
  Done
  • " While previously accessing restricted memory was a relatively involved process requiring a compromised renderer, the Spectre vulnerability made it much easier to access arbitrary memory." I would rewrite that as "Spectre made it much easier to access arbitrary memory; this was previously a complicated process which required a compromised renderer." The next sentence ("This exposed...") is kind of convoluted. I'm particularly confused by what "as using JavaScript" is supposed to be saying.
I've tried simplifying this
  • "Over the years, multiple versions of the site isolation architecture have been proposed." This sentence doesn't say much. I'd drop it and just start with "In 2009, Reis et all..."
  Done
  • "This was subsequently improved upon ...", how about, "This was improved upon in <whatever year> by the Gazelle research browser..."
  Done
  • "based on their web principal" explain what a "web principal" is.
The part after the comma briefly explains what a web-principal is.
  • "the OP ... IBOS, Tahoma and the SubOS browser": browsers (plural)
  Done
  • "Google Chrome released a conference paper" I'd say that as "Reis, et al of the Google Chrome project presented a paper at USENIX ..."
  Done
  • "the idea of websites frames" I'm guessing you meant "websites'" (plural possessive) or "a website's"?
  Done
  • "a feature that had been suggested by the Gazelle web browser" browsers don't suggest, people do. Perhaps "used by Gazelle" or "suggested by Gazelle's authors"?
  Done
  • "requiring over 4000 commits over a period of 5 years" avoid repetition, so "more than 4000 commits from 320 contributors over a period of..."
  Done
  • "Chrome's implementation of site isolation allowed them" Chrome is not a person, so "them" can't be used to refer to it. "allowed it", I guess?
  Done
  • "which allowed attackers to compromise the same-origin policy": written like that, it's not clear if it is "Chrome's implementation" or "uXSS attacks" which are doing the allowing.
  • "attacks reported in between", omit "in"
  Done
  • "by the deployment on Site Isolation.": on -> of. Also, why is Site Isolation capitalized?
  Done
  • "preventing various variations" Just one of the "v" words is enough.
  Done
  • "Firefox announced" -> "The Firefox development team"
  Done
  • "iterated on a few of the flaws". You iterate on successes. You address or fix flaws.
  Done
  • "the fact that similar web pages were still vulnerable to uXSS attacks." similar to what?
  • "Similar to Chrome, the project..." avoid repetition of the word "similar"
  Done
  • "Historically, site isolation has only been implemented by research browsers" Be more specific about what "Historically" means. Prior to some particular year? Prior to some specific browser release?
  Done
  • "This was because the approach was considered" -> "The approach was considered..."
  Done
  • "resource and memory intensive due to increase in the amount of memory space taken up by the processes." This sentence got lost somewhere. Memory is a kind of resource, so "resource and memory" is redundant. And "memory intensive" is redundant with "increase in the amount of memory space taken up".
  Done
  • "This was reflected in real world implementations as well", it's unclear what "This" refers to.
Clarified
  • "took one to two cores more" link "core" to Central processing unit (or some other target if there's on that's more appropriate).
  Done
  • "not considered a silver bullet"; that's jargon. Perhaps "not considered a panacea"? Also, who is doing the considering here?
That would have been Microsoft Research, but you are right, that line isn't the best; I've tried to reword that part.

OK, that's it for a first reading. Overall, this is looking pretty good. I still need to come back for another read after you've addressed the issues I've noted above, plus copyright checks and reference spot-checks. I may not get back to that for a few days. RoySmith (talk) 18:02, 4 March 2024 (UTC)

Oh, one other thing; while not strictly required, it would be helpful if this could be illustrated with some block diagrams of how the various browser components interact with each other and how they are distributed among processes in the various architectures. Also, different operating systems have somewhat different concepts of what a process is. If you could find anything which talks about how those differences affect implementations of site isolation on different platforms, that would be useful. RoySmith (talk) 18:09, 4 March 2024 (UTC)
I've added a diagram. I wasn't able to find much discussion about the comparison between different process implementations :( Sohom (talk) 03:29, 8 March 2024 (UTC)

Source spotcheck: 2, 5, 6, 12, 17 vs Special:Permalink/1211912654

  • The entire last paragraph of Background is cited to refs 5 & 6. Ref 5 is a 16 page paper. The paragraph talks about both Spectre and Meltdown. Ref 5 mentions neither of those. Ref 6 only mentions Spectre. This really needs to be cited at a finer resolution, citing specific page numbers in ref 5, and teasing apart which statements are supported by which of the two references.
I've added some new sources that mention both Spectre and Meltdown and specified which pages I am citing.
  • Ref 6 is a self-published blog, but I'm willing to accept it as a WP:RS based on the authors being subject matter experts.
  • "Around the same time, work was also being done on the OP (which would later become the OP2 browser), IBOS, Tahoma and the SubOS browsers all of which proposed different paradigms to solve the issue of process separation amongst sites.[8][2]" As far as I can tell, everything in this sentence is supported by ref-8 (section "7 Related Work"), so I'm not sure what value also citing it to ref-2 has.
Ref 2 provides a breakdown of each of the research browsers' methodologies. While it is not strictly required, it would be useful to a more technical reader who might want to dig deeper.
  • Ref 2 is 20 pages; please provide more detailed citations including page numbers.
  Done
  • "The Chrome team found that all 94 uXSS attacks ..." this sentence is cited to refs 11 & 12, neither of which mentions 94 uxss attacks.
Fixed
  • Ref 17 is 20 pages long. Please provide more specific citations to page numbers.
  Done

As far as copyright problems go, a scan with Earwig turned up nothing of concern. RoySmith (talk) 20:00, 5 March 2024 (UTC)

RoySmith (talk) 19:58, 5 March 2024 (UTC)

@Sohom Datta I've placed this on hold. Please address the above issues in the next 7 days, thanks. RoySmith (talk) 18:37, 7 March 2024 (UTC)
@RoySmith I've addressed your points above. Let me know if there are any more concerns/issues :) Sohom (talk) 15:31, 8 March 2024 (UTC)
Looks good, thanks. Nice article. It's amazing how sophisticated some of these attacks are. RoySmith (talk) 15:47, 8 March 2024 (UTC)