Sandboxie causing Firefox Nightly crashes #4183

Open
bobowen opened this issue Aug 27, 2024 · 8 comments
Labels: Confirmation pending (Further confirmation is requested); Firefox-related (Issues with Firefox-based browsers); incompatibility (Broken compatibility with Sandboxie); SbieDll (Collection of SbieDll.dll issues)

bobowen commented Aug 27, 2024

Describe what you noticed and did

We have recently made changes to further restrict the SIDs in the access tokens for the content processes on Firefox Nightly.
We have been getting crashes since this change and many of them appear to have SbieDll.dll loaded in the process.

The crash is occurring when we fail to initialize COM security here.
This is before we lower the token on the main thread, so there shouldn't be any change from a permission point of view at this point.

This is our bug for reference: Bug 1895174

How often did you encounter it so far?

No response

Expected behavior

Not crashing.

Affected program

Firefox Nightly 131.0a1

Download link

https://www.mozilla.org/en-US/firefox/all/#product-desktop-nightly

Where is the program located?

Not relevant to my request.

Did the program or any related process close unexpectedly?

Yes, it did, but I don't want to share the .dmp file(s) for privacy reasons.

Crash dump

No response

What version of Sandboxie are you running now?

5.69.6.0

Is it a new installation of Sandboxie?

I recently did a new clean installation.

Is it a regression from previous versions?

No response

In which sandbox type do you have this problem?

Not relevant to my request.

Can you reproduce this problem on a new empty sandbox?

Not relevant to my request.

What is your Windows edition and version?

Windows 10 and 11

In which Windows account do you have this problem?

Not relevant to my request.

Please mention any installed security software

n/a

Did you previously enable some security policy settings outside Sandboxie?

No response

Trace log

No response

Sandboxie.ini configuration

No response

bobowen added the "Confirmation pending" label Aug 27, 2024
sandboxie-plus deleted a comment Aug 27, 2024
offhub added the "Firefox-related" label Aug 27, 2024
bobowen (Author) commented Aug 28, 2024

It's not very clear to me what is going on here, because it seems to fail in different places (and I can't reproduce with a local build).
It appears that something is going wrong with the token on the main thread early on.
In our normal sandbox case the main thread is running with an impersonation token at first to give it access to load DLLs and to do other initialization.

love-code-yeyixiao (Contributor) commented Aug 29, 2024 via email

bobowen (Author) commented Aug 29, 2024

> You should know that we never inject SbieDll.dll when a process is running outside boxes. You didn't find "SbieDll.dll" in the log, right?

This was noticed from crash reports where the SbieDll.dll was loaded in the crashing process.
So this must be people who are running Firefox within a Sandboxie sandbox.

We can reproduce similar crashes by running the latest Nightly in the Sandboxie DefaultBox.
Either by using the "Run" option or the "Force Programs" option.
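
The correlation described in this comment (crash reports whose loaded-module list includes SbieDll.dll), as an added triage sketch that is not part of the thread or of either project's code. The record schema (`signature`, `modules`), the signature names and all paths are constructed for illustration.

```python
import ntpath
from collections import defaultdict

# Constructed sample records, not real crash data. The "signature" and
# "modules" fields are an assumed schema for this example only.
CRASHES = [
    {"signature": "com-security-init-failed", "modules": [
        r"C:\Program Files\Firefox Nightly\firefox.exe",
        r"C:\Program Files\Sandboxie-Plus\SbieDll.dll"]},
    {"signature": "com-security-init-failed", "modules": [
        r"c:\program files\firefox nightly\firefox.exe",
        r"c:\program files\sandboxie\sbiedll.dll"]},       # different case
    {"signature": "com-security-init-failed", "modules": [
        r"C:\Program Files\Firefox Nightly\firefox.exe",
        r"C:\Tools\MySbieDll.dll"]},                        # similar name only
    {"signature": "unrelated-crash", "modules": [
        r"C:\Program Files\Firefox Nightly\firefox.exe"]},
    {"signature": "unrelated-crash", "modules": [
        r"C:\Program Files\Firefox Nightly\firefox.exe",
        r"C:\Windows\System32\combase.dll"]},
]


def has_module(crash, dll_name):
    """True if a loaded module's base name equals dll_name (case-insensitive)."""
    wanted = dll_name.lower()
    # ntpath splits on backslashes even when this runs on a non-Windows host.
    return any(ntpath.basename(p).lower() == wanted for p in crash["modules"])


def module_counts_by_signature(crashes, dll_name):
    """Return {signature: (crashes_with_module, total_crashes)}."""
    counts = defaultdict(lambda: [0, 0])
    for crash in crashes:
        entry = counts[crash["signature"]]
        entry[0] += has_module(crash, dll_name)
        entry[1] += 1
    return {sig: (hit, total) for sig, (hit, total) in counts.items()}


def correlated_signatures(crashes, dll_name, min_share=0.5, min_hits=2):
    """Signatures where the module is present in at least min_share of crashes."""
    counts = module_counts_by_signature(crashes, dll_name)
    return sorted(sig for sig, (hit, total) in counts.items()
                  if hit >= min_hits and hit / total >= min_share)


if __name__ == "__main__":
    print(module_counts_by_signature(CRASHES, "SbieDll.dll"))
    print(correlated_signatures(CRASHES, "SbieDll.dll"))
```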

offhub added the "incompatibility" and "SbieDll" labels Aug 29, 2024
offhub (Collaborator) commented Aug 29, 2024

For me it only crashes on startup when using the Application Compartment type sandbox with the following Firefox setting.

pref("security.sandbox.content.level", 8);

bobowen (Author) commented Aug 29, 2024

> For me it only crashes on startup when using the Application Compartment type sandbox with the following Firefox setting.
>
> pref("security.sandbox.content.level", 8);

This is the setting that moves us to a USER_RESTRICTED access token level.

It is now not reproducing for me with the latest Nightly for the DefaultBox (it is for Application Compartment type as you say).
So, perhaps something else was also interacting with this.
I'll try and bisect recent changes.

bobowen (Author) commented Sep 2, 2024

It seems that the crash in the DefaultBox required both using the USER_RESTRICTED access token level and a PGO build that had the Firefox sandbox enabled during the PGO instrument and run phases. This second change was backed out for other reasons.
I've tried to reproduce with a local PGO build but to no avail.

The similar crash with only USER_RESTRICTED that happens with the Application Compartment type sandbox appears to be caused when the call to ProcessToken::GetProcessToken in CRpcResolver::GetConnection fails within the CoInitializeSecurity call in combase.dll.
I've looked at the process and thread tokens just after the failure and I don't see any obvious reason for this.
I've not dug any deeper because I had some trouble with breakpoints causing failures when debugging within the Sandboxie sandbox.

DavidXanatos (Member) commented

Which Firefox build number is affected, and is the issue still present?

I don't see any issues with 131.0b6

bobowen (Author) commented Sep 15, 2024

> Which Firefox build number is affected, and is the issue still present?

It was originally reproduced in Nightly which was the only place that had the USER_RESTRICTED and PGO changes.
After the PGO changes were backed out, I could only reproduce with an Application Compartment type sandbox:
https://www.mozilla.org/en-US/firefox/all/#product-desktop-nightly
