Alright, etresoft has given his assessment about the availability of this information. Anyone else out there who's come across this kind of information in Apple's security whitepapers or any other forum threads?
I'm re-posting this comment back to the main thread. I think it adds some good detail to my original question.
##########################
Perhaps I should clarify what I meant by "So basically what I'm looking for here are not only general answers and references but some really low level technical details if you have them."
What I meant was that I wouldn't shy away from a very technical [conceptually speaking] answer. Of course I understand that when it comes to a proprietary piece of software - especially something as important as a web browser - you're not going to be able to get down into the source code. This makes complete sense not only for Apple protecting their intellectual property, but you could argue in some sense for the security of all of us using the browser software to connect online. Note: I'm not interested in getting into a discussion here about what is more secure, closed-source or open-source, so please let's leave that discussion out of this thread.
If you look at the information pages that Apple has on the security of the Safari browser, you'll see that they say that Safari and its associated plugins execute inside of a sandbox, where requests from code running in the browser [think JavaScript or a Flash Player video] are limited to a predefined set of resources. In the cases where requests are made to what might be regarded as sensitive resources [microphone, camera, software download] the user has to give their explicit permission [by clicking "yes" on the prompt etc]. Apple is really making a point that the browser is designed to not let executable code escape from the browser's application sandbox, period.
Just from the perspective of understanding the design of Safari's security model, I'm interested in knowing whether malicious code executed in the browser could escape [through some buffer overflow problem] and then execute itself at any level of privilege. Or would there be some sort of second layer of protection: some sort of access control list that used process IDs to constrain a potentially malicious process from just doing whatever it was coded to do?
Again, to clarify, I'm not looking for or interested in source code level details here... I'm simply interested in the various layers of security that Apple has given to the Safari sandbox to better understand on a more technical level what they mean on their security information pages. Google Chrome's developer teams have gone into great detail on their blogs about how they designed the Chrome sandbox for the Windows OS. I'm interested in learning about Safari's protections on a similar level of detail.
We use this program every day to talk to friends, read our news, do our online banking... I'm interested to know how Safari is being designed well enough to provide reasonable protections.