[tor-bugs] #16010 [Applications/Tor Browser]: Get a working content process sandbox for Tor Browser on Windows

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 20 15:09:21 UTC 2017


#16010: Get a working content process sandbox for Tor Browser on Windows
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  gk
     Type:  task                                 |         Status:
                                                 |  needs_review
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  ff52-esr, tbb-e10s, tbb-security,    |  Actual Points:
  GeorgKoppen201709, TorBrowserTeam201709R       |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor4
-------------------------------------------------+-------------------------

Comment (by cypherpunks):

 Okay, as Bob Owen mentioned, the Chromium sandbox requires level 20, but
 it crashes at startup with
 {{{
 Process Sandbox BLOCKED: NtCreateFile for :
 \??\pipe\chrome.3552.35.48659324
 Stack Trace:
 --#01: ???[C:\Windows\AppPatch\EMET.DLL +0x27089]
 Process Sandbox Broker ALLOWED: NtCreateFile for :
 \??\pipe\chrome.3552.35.48659324
 Process Sandbox BLOCKED: NtOpenThread
 Stack Trace:
 --#01: ???[C:\Windows\system32\KERNELBASE.dll +0x9e57]
 Process Sandbox Broker ALLOWED: NtOpenThread
 Process Sandbox BLOCKED: NtCreateFile for :
 \??\pipe\chrome.3552.36.121071419
 Stack Trace:
 --#01: ???[C:\Windows\AppPatch\EMET.DLL +0x27089]
 Process Sandbox Broker ALLOWED: NtCreateFile for :
 \??\pipe\chrome.3552.36.121071419
 Process Sandbox BLOCKED: NtCreateFile for :
 \??\pipe\chrome.3552.37.59242143
 Stack Trace:
 --#01: ???[C:\Windows\AppPatch\EMET.DLL +0x27089]
 Process Sandbox Broker ALLOWED: NtCreateFile for :
 \??\pipe\chrome.3552.37.59242143
 Process Sandbox BLOCKED: NtOpenKey for : \REGISTRY\MACHINE
 Stack Trace:
 --#01: CreateThread[C:\Windows\system32\kernel32.dll +0x4df59]
 Process Sandbox BLOCKED: NtOpenKey for : \REGISTRY\USER
 Stack Trace:
 --#01: SetFileAttributesW[C:\Windows\system32\kernel32.dll +0x3b593]
 Process Sandbox BLOCKED: NtOpenProcessToken
 Stack Trace:
 --#01: ???[C:\Windows\system32\KERNELBASE.dll +0x128e2]
 Process Sandbox Broker ALLOWED: NtOpenProcessToken
 Process Sandbox BLOCKED: NtOpenKeyEx for :
 \Registry\Machine\Software\Classes\CLSID\{BCDE0395-E52F-467C-8E3D-
 C4579291692E}
 Stack Trace:
 --#01: ReleaseActCtx[C:\Windows\system32\kernel32.dll +0x47692]
 Process Sandbox BLOCKED: NtCreateFile for :
 \??\pipe\chrome.3552.38.63916814
 Stack Trace:
 --#01: ???[C:\Windows\AppPatch\EMET.DLL +0x27089]
 Process Sandbox Broker ALLOWED: NtCreateFile for :
 \??\pipe\chrome.3552.38.63916814
 Process Sandbox BLOCKED: NtOpenThread
 Stack Trace:
 --#01: ???[C:\Windows\system32\KERNELBASE.dll +0x9e57]
 Process Sandbox Broker ALLOWED: NtOpenThread
 Process Sandbox BLOCKED: NtOpenKey for :
 \Registry\Machine\Software\Microsoft\Windows\Tablet PC\
 Stack Trace:
 --#01: GetUserObjectInformationA[C:\Windows\system32\USER32.dll +0x7418]
 Process Sandbox BLOCKED: NtOpenKeyEx for :
 \Registry\Machine\Software\Classes\CLSID\{E77CC89B-7401-4C04-8CED-
 149DB35ADD04}
 Stack Trace:
 --#01: ReleaseActCtx[C:\Windows\system32\kernel32.dll +0x47692]
 Process Sandbox BLOCKED: NtCreateFile for :
 \??\pipe\chrome.3784.0.37962629
 Stack Trace:
 --#01: ???[C:\Windows\AppPatch\EMET.DLL +0x27089]
 Process Sandbox Broker ALLOWED: NtCreateFile for :
 \??\pipe\chrome.3784.0.37962629
 Process Sandbox BLOCKED: NtOpenKey for :
 \Registry\Machine\Software\Microsoft\Windows\Tablet PC\
 Stack Trace:
 --#01: GetUserObjectInformationA[C:\Windows\system32\USER32.dll +0x7418]
 }}}
 Then "level 10 might be acceptable for many people" is not true: it can't
 even display a context menu and
 {{{
 Process Sandbox BLOCKED: NtQueryAttributesFile for : \??\C:\Tor
 Browser\Browser\softokn3.dll
 Stack Trace:
 --#01: RtlExpandEnvironmentStrings[C:\Windows\SYSTEM32\ntdll.dll +0x60db1]
 Process Sandbox BLOCKED: NtQueryAttributesFile for : \??\C:\Tor
 Browser\Browser\mozavutil.dll
 Stack Trace:
 --#01: RtlExpandEnvironmentStrings[C:\Windows\SYSTEM32\ntdll.dll +0x60db1]
 Process Sandbox BLOCKED: NtQueryAttributesFile for : \??\C:\Tor
 Browser\Browser\mozavcodec.dll
 Stack Trace:
 --#01: RtlExpandEnvironmentStrings[C:\Windows\SYSTEM32\ntdll.dll +0x60db1]
 }}}
 Lower levels are acceptable. However, they give
 {{{
 08:21:12.871 NS_NOINTERFACE: Component returned failure code: 0x80004002
 (NS_NOINTERFACE) [nsIWebProgress.DOMWindowID] 1
 WebNavigationContent.js:158
 08:47:41.428 NS_BINDING_ABORTED: Component returned failure code:
 0x804b0002 (NS_BINDING_ABORTED) [nsIStreamListener.onDataAvailable] 1
 WebRequest.jsm:355
 09:53:28.611 [Exception... "Component returned failure code: 0x80040111
 (NS_ERROR_NOT_AVAILABLE) [nsIHttpChannel.suspend]"  nsresult: "0x80040111
 (NS_ERROR_NOT_AVAILABLE)"  location: "JS frame ::
 resource://gre/modules/WebRequest.jsm :: maybeSuspend :: line 601"  data:
 no] 1 (unknown)
         maybeSuspend resource://gre/modules/WebRequest.jsm:601:7
         HttpObserverManager.applyChanges<
 resource://gre/modules/WebRequest.jsm:749:24
         next self-hosted:1120:9
         TaskImpl_run resource://gre/modules/Task.jsm:319:42
         TaskImpl resource://gre/modules/Task.jsm:277:3
         createAsyncFunction/asyncFunction
 resource://gre/modules/Task.jsm:252:14
         runChannelListener resource://gre/modules/WebRequest.jsm:738:12
         observe resource://gre/modules/WebRequest.jsm:504:9
 }}}
 which may need further investigation.

 To be on par with Mozilla, level 4 is suitable for the alphas. It could
 help to collect users' opinions about all the changes (and then downgrade
 if needed).

 A very important side issue is that the sandboxing feature adds the
 `security.sandbox.content.tempDirSuffix` pref, which is a 128-bit GUID that
 makes it possible to uniquely identify your copy of Tor Browser. It is
 persistent and leaves unique traces in the system %TEMP% folder on every
 machine you use.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16010#comment:56>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
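
Added example (not part of the original message or of Tor Browser/Mozilla code): a small triage script for sandbox logs in the format quoted above, which lists the BLOCKED calls that were never followed by a matching "Broker ALLOWED" line, i.e. the denials that actually stuck at a given level. It assumes the broker line repeats the same call name and target as the BLOCKED line, as the quoted log shows; the function names are hypothetical.

```python
import re
from collections import Counter

# Excerpt of the log quoted in the message above, mail wrapping included.
SAMPLE = r"""
Process Sandbox BLOCKED: NtCreateFile for :
\??\pipe\chrome.3552.35.48659324
Stack Trace:
--#01: ???[C:\Windows\AppPatch\EMET.DLL +0x27089]
Process Sandbox Broker ALLOWED: NtCreateFile for :
\??\pipe\chrome.3552.35.48659324
Process Sandbox BLOCKED: NtOpenKey for : \REGISTRY\MACHINE
Stack Trace:
--#01: CreateThread[C:\Windows\system32\kernel32.dll +0x4df59]
Process Sandbox BLOCKED: NtQueryAttributesFile for : \??\C:\Tor
Browser\Browser\softokn3.dll
"""

EVENT = re.compile(r"^Process Sandbox (BLOCKED|Broker ALLOWED): (\w+)(?: for :\s*(.*))?$")
STARTS = ("Process Sandbox", "Stack Trace:", "--#")  # anything else is a wrapped tail

def unwrap(text):
    """Re-join lines that the mail archive wrapped in the middle of a path."""
    out = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if out and not line.startswith(STARTS):
            out[-1] += ("" if out[-1].endswith("-") else " ") + line
        else:
            out.append(line)
    return out

def unbrokered(text):
    """Count BLOCKED calls that no later 'Broker ALLOWED' line satisfied."""
    pending = Counter()
    for m in filter(None, map(EVENT.match, unwrap(text))):
        verdict, key = m.group(1), (m.group(2), m.group(3) or "")
        if verdict == "BLOCKED":
            pending[key] += 1
        elif pending[key] > 0:
            pending[key] -= 1  # the broker serviced this request
    return +pending  # unary plus drops entries whose count fell to zero

if __name__ == "__main__":
    for (call, target), n in sorted(unbrokered(SAMPLE).items()):
        print(f"{n} x {call} {target}")
```

Run against full logs captured at two sandbox levels, the difference between the two result sets shows which registry keys and files a stricter level denies outright.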

