Security/Sandbox: Difference between revisions

From MozillaWiki
(updating status)
(Remove Flash information and outdated Console.app details.)
 
(187 intermediate revisions by 9 users not shown)
Line 3: Line 3:
[[File:550px-Sandboxing_basic_architecture.png|frameless|550px]]
[[File:550px-Sandboxing_basic_architecture.png|frameless|550px]]


Security Sandboxing makes use of [https://en.wikipedia.org/wiki/Child_process child processes] as a security boundary. The process model, i.e. how Firefox is split into various processes and how these processes interact between each other is common to all platforms. For more information see the [[Electrolysis]] wiki page. The security aspects of a sandboxed child process are implemented on a per-platform basis. See the Platform Specifics section below for more information.
Security Sandboxing makes use of [https://en.wikipedia.org/wiki/Child_process child processes] as a security boundary. The process model, i.e. how Firefox is split into various processes and how these processes interact between each other is common to all platforms. For more information see the [[Electrolysis]] wiki page, and its sucessor, [[Project Fission]]. The security aspects of a sandboxed child process are implemented on a per-platform basis. See the Platform Specifics section below for more information.
 
== Technical Docs ==
 
* [https://wiki.mozilla.org/Security/Sandbox/Specifics Platform Specifics]
* [https://wiki.mozilla.org/Security/Sandbox/Deny_Filesystem_Access File Restrictions Bug Research]
* [https://wiki.mozilla.org/Security/Sandbox/Hardening Hardening Research]
* [https://wiki.mozilla.org/Security/Sandbox/Process_model Process Model]


= Current Status =
= Current Status =
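Review bot: "sucessor" in the rewritten opening paragraph should be "successor", and the "i.e." aside is never closed: "how these processes interact between each other is common to all platforms" reads better as "how these processes interact with each other, is common to all platforms".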
Line 11: Line 18:
!Sandbox
!Sandbox
!colspan="2"|Trunk
!colspan="2"|Trunk
!colspan="2"|Aurora
!colspan="2"|Beta
!colspan="2"|Beta
!colspan="2"|Release
!colspan="2"|Release
Line 17: Line 23:
!
!
!colspan="2"|Level
!colspan="2"|Level
!colspan="1"|Level
!colspan="1"|Version
!colspan="1"|Level
!colspan="1"|Level
!colspan="1"|Version
!colspan="1"|Version
Line 25: Line 29:
|-
|-
|colspan="1"|[https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForContentProcess&redirect=true&case=true Windows (content)]
|colspan="1"|[https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForContentProcess&redirect=true&case=true Windows (content)]
|style='text-align:center;' colspan="2"|Level 2
|style='text-align:center;' colspan="2"|Level 6
|style='text-align:center;' colspan="1"|Level 6
|style='text-align:center;' colspan="1"|Fx76
|style='text-align:center;' colspan="1"|Level 6
|style='text-align:center;' colspan="1"|Fx76
|-
|colspan="1"| [https://dxr.mozilla.org/mozilla-central/search?q=SetSecurityLevelForGPUProcess&redirect=true Windows (compositor)]
|style='text-align:center;' colspan="2"|Level 1
|style='text-align:center;' colspan="1"|Level 1
|style='text-align:center;' colspan="1"|Level 1
|style='text-align:center;' colspan="1"|Fx50
|style='text-align:center;' colspan="1"|
|style='text-align:center;' colspan="1"|Level 1
|style='text-align:center;' colspan="1"|Level 1
|style='text-align:center;' colspan="1"|Fx50
|style='text-align:center;' colspan="1"|
||
||
|-
|-
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForGMPlugin&redirect=true&case=true Windows (GMP)]
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForGMPlugin&redirect=true&case=true Windows (GMP)]
Line 37: Line 46:
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|enabled
|-
|-
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForPluginProcess&redirect=true&case=true Windows 64bit (NPAPI Plugin)]
|colspan="1"|[https://searchfox.org/mozilla-central/search?q=symbol:_ZN7mozilla21AbstractSandboxBroker32SetSecurityLevelForSocketProcessEv&redirect=false Windows (Socket)]
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|Level 1
|style='text-align:center;' colspan="1"|Level 1
|style='text-align:center;' colspan="1"|Fx75
|style='text-align:center;' colspan="1"|Level 1
|style='text-align:center;' colspan="1"|Fx75
|-
| [https://searchfox.org/mozilla-central/source/security/sandbox/mac/SandboxPolicyContent.h OSX (content)]
|style='text-align:center;' colspan="2"|Level 3
|style='text-align:center;' colspan="1"|Level 3
|style='text-align:center;' colspan="1"|Fx56
|style='text-align:center;' colspan="1"|Level 3
|style='text-align:center;' colspan="1"|Fx56
|-
| [https://searchfox.org/mozilla-central/source/security/sandbox/mac/SandboxPolicyGMP.h OSX (GMP)]
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|enabled
|-
|-
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/Sandbox.mm OSX (content)]
| [https://searchfox.org/mozilla-central/source/security/sandbox/mac/SandboxPolicyUtility.h OSX (RDD)]
|style='text-align:center;' colspan="2"|Level 2
|style='text-align:center;' colspan="1"|
|style='text-align:center;' colspan="1"|
||
||
||
|-
| [https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/Sandbox.mm OSX (GMP)]
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|enabled
|-
| [https://searchfox.org/mozilla-central/source/security/sandbox/mac/SandboxPolicySocket.h OSX (Socket)]
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|disabled
|style='text-align:center;' colspan="2"|disabled
|-
|-
| [https://dxr.mozilla.org/mozilla-central/search?q=class+ContentSandboxPolicy&redirect=true&case=true Linux (content)]
| [https://dxr.mozilla.org/mozilla-central/search?q=class+ContentSandboxPolicy&redirect=true&case=true Linux (content)]
|style='text-align:center;' colspan="2"|Level 1
|style='text-align:center;' colspan="2"|Level 4
||
|style='text-align:center;' colspan="1"|Level 4
||
|style='text-align:center;' colspan="1"| Fx60
||
|style='text-align:center;' colspan="1"|Level 4
||
|style='text-align:center;' colspan="1"| Fx60
||
|-
|-
| [https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy&redirect=true&case=true Linux (GMP)]
| [https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy&redirect=true&case=true Linux (GMP)]
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|enabled
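Review bot: the new Windows (Socket) row links to a searchfox symbol query keyed on the mangled name "_ZN7mozilla21AbstractSandboxBroker32SetSecurityLevelForSocketProcessEv", which stops matching as soon as the class or signature changes; a plain text search for "SetSecurityLevelForSocketProcess", in the style of the other Windows rows that search for their SetSecurityLevelFor* function by name, is the more durable link.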
Line 74: Line 89:
|}
|}


DXR search for the current [https://dxr.mozilla.org/mozilla-central/search?q=security.sandbox+path%3Abrowser%2Fapp&redirect=true&case=true sandbox preferences].
A 'level' value reflects unique sandbox security settings for each platform and process. Most processes only have two "active" levels, the current setting and a lower (previous released) setting. Level settings other than these two values carry no guarantee of altering security behavior, level settings are primarily a release rollout debugging feature.
 
== Windows ==
== Windows ==


=== Content ===
=== Content ===
Sandbox security related setting are grouped together and associated with a security level. Lower level values indicate a less restrictive sandbox.


{| class="wikitable"
{| class="wikitable"
|-
|-
! Sandbox Feature !! Level 0 !! Level 1 !! Level 2 !! Level 10 !! Level 20
! Sandbox Feature !! Level 5 !! Level 6 (default)
|-
| Job Level || JOB_LOCKDOWN || JOB_LOCKDOWN
|-
|-
| Job Level || JOB_NONE || JOB_NONE || JOB_INTERACTIVE || JOB_RESTRICTED || JOB_LOCKDOWN
| Access Token Level || USER_LIMITED || USER_LIMITED
|-
|-
| Access Token Level || USER_NON_ADMIN || USER_NON_ADMIN || USER_INTERACTIVE || USER_LIMITED || USER_LOCKDOWN
| Alternate Desktop || YES || YES
|-
|-
| Alternate Desktop || || || || yes || yes
| Alternate Windows Station || YES || YES
|-
|-
| Initial Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW
| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW
|-
|-
| Delayed Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_UNTRUSTED
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW
|-
|-
| Mitigations || ||
| Mitigations  
MITIGATION_BOTTOM_UP_ASLR<br>
MITIGATION_HEAP_TERMINATE<br>
MITIGATION_SEHOP<br>
MITIGATION_DEP_NO_ATL_THUNK<br>
MITIGATION_DEP
||
||
MITIGATION_BOTTOM_UP_ASLR<br>
MITIGATION_BOTTOM_UP_ASLR<br>
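Review bot: the level explanation added under the status table has a comma splice: "carry no guarantee of altering security behavior, level settings are primarily a release rollout debugging feature" should be split into two sentences or joined with a semicolon, and "a lower (previous released) setting" should read "(previously released)".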
Line 104: Line 119:
MITIGATION_SEHOP<br>
MITIGATION_SEHOP<br>
MITIGATION_DEP_NO_ATL_THUNK<br>
MITIGATION_DEP_NO_ATL_THUNK<br>
MITIGATION_DEP
MITIGATION_DEP<br>
MITIGATION_EXTENSION_POINT_DISABLE<br>
MITIGATION_IMAGE_LOAD_NO_REMOTE<br>
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br>
MITIGATION_IMAGE_LOAD_PREFER_SYS32<br>
MITIGATION_CONTROL_FLOW_GUARD_DISABLE<br>
MITIGATION_WIN32K_DISABLE
||
||
MITIGATION_BOTTOM_UP_ASLR<br>
MITIGATION_BOTTOM_UP_ASLR<br>
Line 110: Line 131:
MITIGATION_SEHOP<br>
MITIGATION_SEHOP<br>
MITIGATION_DEP_NO_ATL_THUNK<br>
MITIGATION_DEP_NO_ATL_THUNK<br>
MITIGATION_DEP
MITIGATION_DEP<br>
||
MITIGATION_EXTENSION_POINT_DISABLE<br>
MITIGATION_BOTTOM_UP_ASLR<br>
MITIGATION_IMAGE_LOAD_NO_REMOTE<br>
MITIGATION_HEAP_TERMINATE<br>
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br>
MITIGATION_SEHOP<br>
MITIGATION_IMAGE_LOAD_PREFER_SYS32<br>
MITIGATION_DEP_NO_ATL_THUNK<br>
MITIGATION_CONTROL_FLOW_GUARD_DISABLE<br>
MITIGATION_DEP
MITIGATION_WIN32K_DISABLE<br>
Locked Down Default DACL
|-
|-
| Delayed Mitigations || ||
| Delayed Mitigations  
MITIGATION_STRICT_HANDLE_CHECKS<br>
MITIGATION_DLL_SEARCH_ORDER
||
MITIGATION_STRICT_HANDLE_CHECKS<br>
MITIGATION_DLL_SEARCH_ORDER
||
||
MITIGATION_STRICT_HANDLE_CHECKS<br>
MITIGATION_STRICT_HANDLE_CHECKS<br>
Line 134: Line 151:
[http://mxr.mozilla.org/mozilla-central/source/security/sandbox/chromium/sandbox/win/src/security_level.h Windows Feature Header]
[http://mxr.mozilla.org/mozilla-central/source/security/sandbox/chromium/sandbox/win/src/security_level.h Windows Feature Header]


=== Gecko Media Plugin ===
=== Gecko Media Plugin (GMP) ===


{| class="wikitable"
{| class="wikitable"
Line 155: Line 172:
MITIGATION_HEAP_TERMINATE<br>
MITIGATION_HEAP_TERMINATE<br>
MITIGATION_SEHOP<br>
MITIGATION_SEHOP<br>
MITIGATION_EXTENSION_POINT_DISABLE<br>
MITIGATION_DEP_NO_ATL_THUNK<br>
MITIGATION_DEP_NO_ATL_THUNK<br>
MITIGATION_DEP
MITIGATION_DEP<br>
MITIGATION_NONSYSTEM_FONT_DISABLE<br>
MITIGATION_IMAGE_LOAD_NO_REMOTE<br>
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br>
MITIGATION_CET_COMPAT_MODE<br>
Locked Down Default DACL
|-
|-
| Delayed Mitigations
| Delayed Mitigations
Line 166: Line 189:
[1] depends on the media plugin
[1] depends on the media plugin


=== 64-bit Plugin ===
=== Remote Data Decoder (RDD) ===
 
Released with known issues that break certain Flash features. If you're testing 64-bit builds and come across Flash issues please file a bug.


{| class="wikitable"
{| class="wikitable"
Line 174: Line 195:
! Sandbox Feature !! Level
! Sandbox Feature !! Level
|-
|-
| Job Level || JOB_UNPROTECTED
| Job Level || JOB_LOCKDOWN
|-
|-
| Access Token Level || USER_INTERACTIVE
| Access Token Level || USER_LIMITED
|-
|-
| Initial Integrity Level || INTEGRITY_LEVEL_LOW
| Initial Integrity Level || INTEGRITY_LEVEL_LOW
Line 182: Line 203:
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW
|-
|-
| Alternate desktop || no
| Alternate desktop || yes
|-
|-
| Mitigations
| Mitigations
Line 189: Line 210:
MITIGATION_HEAP_TERMINATE<br>
MITIGATION_HEAP_TERMINATE<br>
MITIGATION_SEHOP<br>
MITIGATION_SEHOP<br>
MITIGATION_EXTENSION_POINT_DISABLE<br>
MITIGATION_DEP_NO_ATL_THUNK<br>
MITIGATION_DEP_NO_ATL_THUNK<br>
MITIGATION_DEP
MITIGATION_DEP<br>
MITIGATION_NONSYSTEM_FONT_DISABLE<br>
MITIGATION_IMAGE_LOAD_NO_REMOTE<br>
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br>
MITIGATION_IMAGE_LOAD_PREFER_SYS32<br>
MITIGATION_CET_COMPAT_MODE<br>
Locked Down Default DACL
|-
|-
| Delayed Mitigations
| Delayed Mitigations
||
||
MITIGATION_STRICT_HANDLE_CHECKS<br>
MITIGATION_DYNAMIC_CODE_DISABLE<br>
MITIGATION_DLL_SEARCH_ORDER<br>
MITIGATION_FORCE_MS_SIGNED_BINS
|}
|}


Line 202: Line 234:
== OSX ==
== OSX ==


=== Content ===
=== Content Levels for Web and File Content Processes ===
 
Mac content processes use sandbox level 3. File content processes (for file:/// origins) also use level 3 with additional rules to allow read access to the filesystem. Levels 1 and 2 can still be enabled in about:config, but they are not supported and using them is not recommended. Different sandbox levels were used for testing and debugging during rollout of Mac sandboxing features, but they now are planned to be removed. Mac sandboxing uses a white list policy for all process types. Each policy begins with a statement to deny all access to system resources and then specifies the allowed resources. The level 3 sandbox allows file system read metadata access with full read access for specific system directories and some user directories, access to the microphone, access to various system services, windowserver, named sysctls and iokit properties, and other miscellaneous items. Work is ongoing to remove access to the microphone, windowserver, and other system services where possible. The sandbox blocks write access to all of the file system, read access to the profile directory (apart from the chrome and extensions subdirectories, read access to the home directory, inbound/outbound network I/O, exec, fork, printing, video input devices such as cameras. Older sandbox levels 1 and 2 are less restrictive. Mainly, level 2 allows file-read access to all of the filesystem except the ~/Library directory. Level 1 allows all file-read access. Level 1 restrictions are a subset of level 2. Level 2 restrictions are a subset of level 3.
 
The web and file content policy is defined in [https://searchfox.org/mozilla-central/source/security/sandbox/mac/SandboxPolicyContent.h SandboxPolicyContent.h]
 
=== Gecko Media Plugin Processes ===
 
The Gecko Media Plugins (GMP) policy is defined in [https://searchfox.org/mozilla-central/source/security/sandbox/mac/SandboxPolicyGMP.h SandboxPolicyGMP.h].
 
=== Remote Data Decoder Processes ===


[https://wiki.mozilla.org/Sandbox/OS_X_Rule_Set Filter rules]
The Remote Data Decoder (RDD) policy is defined in [https://searchfox.org/mozilla-central/source/security/sandbox/mac/SandboxPolicyUtility.h SandboxPolicyUtility.h].


=== Gecko Media Plugins ===
=== Socket Process ===


[https://dxr.mozilla.org/mozilla-central/search?q=pluginSandboxRules&redirect=false&case=true Filter rules]
The socket process policy is defined in [https://searchfox.org/mozilla-central/source/security/sandbox/mac/SandboxPolicySocket.h SandboxPolicySocket.h]. At this time (May 2020), the socket process sandbox is only used on the Nightly channel and only for WebRTC networking.


== Linux ==
== Linux ==


=== Content ===
=== Content Levels ===
 
{| class="wikitable"
|-
! Job Level !! What's Blocked by the Sandbox?
|-
| Level 1 ||
* Many syscalls, including process creation
|-
| Level 2 ||
* Everything from level 1
* Write access to the filesystem
** Excludes shared memory, tempdir, video hardware
|-
| Level 3 ||
* Everything from level 1-2
* Read access to most of the filesystem
** Excludes themes/GTK configuration, fonts, shared data and libraries
|-
| Level 4 ||
* Everything from level 1-3
* Network access including local sockets
** Excludes X11 socket
* System V IPC
** Unless fgxlrx or VirtualGL is in use
* Uses chroot jail
* Uses Unprivileged User Namespaces (if available)
|}
 
=== Content Rules ===


[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/SandboxFilter.cpp?q=ContentSandboxPolicy Filter ruleset]
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/SandboxFilter.cpp?q=ContentSandboxPolicy Filter ruleset]
[https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#203 Filesystem access policy]


=== Gecko Media Plugin ===
=== Gecko Media Plugin ===
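Review bot: in the new Mac content-levels paragraph the parenthesis opened at "(apart from the chrome and extensions subdirectories" is never closed; add ")" after "subdirectories". In the new Linux Content Levels table the first header cell says "Job Level" although the rows are sandbox levels 1-4 (Job Level is the Windows job-object setting used in the Windows tables above), so "Level" is the accurate header, and "fgxlrx" in the level 4 row should be "fglrx".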
Line 220: Line 293:
[https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy Filter ruleset]
[https://dxr.mozilla.org/mozilla-central/search?q=class+GMPSandboxPolicy Filter ruleset]


= Platform Specifics =  
=== Customization Settings ===


== Windows ==
The Linux sandbox allows some amount of control over the sandbox policy through various about:config settings. These are meant to allow more non-standard configurations and exotic distributions to stay working - without compiling custom versions of Firefox - even if they can't be directly supported by the default configuration.
 
See [[Security/Sandbox#Linux_specific|Activity Logging]] for information on how to debug these scenarios.
 
security.sandbox.content.level
* See [[Security/Sandbox#Content_Levels_2|Content Levels]] above. Reducing this can help identify sandboxing as the cause of a problem, but you're better of trying the more fine grained permissions below.
 
security.sandbox.content.read_path_whitelist<br/>
security.sandbox.content.write_path_whitelist
* Comma-separated list of additional paths that the content process is allowed to read from or write to, respectively. To allow access to an entire directory tree (rather than just the directory itself), include a trailing <tt>/</tt> character.
 
security.sandbox.content.syscall_whitelist
* Comma-seperated list of additional system call numbers that should be allowed in the content process. These affect the seccomp-bpf filter.
 
= Preferences =


=== Source Code Overview ===
{| class="wikitable"
|-
! Process Type !! Preference Type !! Preference
|-
| Content || numerical || security.sandbox.content.level
|-
| Windows NPAPI Plugin || numerical || dom.ipc.plugins.sandbox-level.default<br>dom.ipc.plugins.sandbox-level.<plugintype>
|-
| Compositor || numerical || security.sandbox.gpu.level
|-
| Media || Embedded || N/A
|}


The core of the Windows sandbox is Google's chromium sandbox. Relative to the root of mozilla-central, the sandbox exists at:
<strong>Note - Levels greater than the current default for a particular process type are not implemented.</strong>


<code>security/sandbox</code>
= File System Restrictions =


The chromium sandbox is based on the chromium base libraries (Google's code) which are located at:
Sandboxing enforces file system write and read restrictions for XUL based add-on content (frame and process) scripts. To avoid issues as sandboxing features roll out add-on authors should update their legacy add-on code today such that content scripts no longer attempt to read or write from restricted locations. Note these restrictions do not affect [https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Content_scripts WebExtension content script] or XUL add-on script running in the browser process.


<code>security/sandbox/chromium/base</code>
File system access rules for content processes, reverse precedence:


There is also partial/shim code to get the base code compiling with our SDK build settings or to limit the base code by reducing dependencies at:
{| class="wikitable"
|-
! Location !! Access Type !! Restriction
|-
| file system || read/write || deny by default
|-
| install location || write || deny
|-
| install location || read || allow
|-
| system library locations  || write || deny
|-
| system library locations  || read || allow
|-
| profile/* || read/write || deny by default
|-
| profile/extensions || write || deny
|-
| profile/extensions || read || allow
|}


<code>security/sandbox/chromium-shim/base</code>
= Debugging Features =


The chromium Windows sandbox itself (Google's code) is located at:
== Activity Logging ==


<code>security/sandbox/chromium/sandbox/win</code>
The following prefs control sandbox logging. On Windows, output is sent to the Browser Console when available, and to a developer console attached to the running browser process. On OSX, once enabled, violation log entries are visible in the Console.app (/Applications/Utilities/Console.app). On Linux, once enabled, violation log entries are logged on the command line console.<br/>


=== Processes Overview ===
security.sandbox.logging.enabled (boolean)<br/>
security.sandbox.windows.log.stackTraceDepth (integer, Windows specific)<br/>


There are 2 processes when dealing with a sandboxed application:
The following environment variables also triggers sandbox logging output: <br/>


# The broker: The parent process that starts sandboxed children
MOZ_SANDBOX_LOGGING=1
# The target: The child process that is sandboxed


Both processes make use of the chromium sandbox library, but they make use of it indirectly through 2 libraries (Mozilla code).
=== OSX Specific Sandbox Logging ===
This indirect use of the library is due to header conflicts with the ipc layer where it has a different, much older, non compatible, copy of the chromium base library:


# For the broker, ./security/sandbox/win/src/sandboxbroker
On Mac, sandbox violation logging is disabled by default. To enable logging,
# For the target, ./security/sandbox/win/src/sandboxtarget


=== Build settings ===
# Launch the OS X Console app (/Applications/Utilities/Console.app) and filter on "plugin-container".
# Either set the pref '''security.sandbox.logging.enabled=true''' and restart the browser OR launch the browser with the '''MOZ_SANDBOX_LOGGING''' environment variable set.


To disable building the sandbox completely build with this in your mozconfig:<br>
=== Linux specific Sandbox Logging ===
ac_add_options --disable-sandbox


To disable just the content sandbox parts:<br>
The following environment variable triggers extra sandbox debugging output: <br/>
ac_add_options --disable-content-sandbox
MOZ_SANDBOX_LOGGING=1


=== Environment variables ===
== Environment variables ==


{|
{| class="wikitable"
|Disable content process sandbox
|-
! ENVIRONMENT VARIABLE !! DESCRIPTION || PLATFORM
|-
|MOZ_DISABLE_CONTENT_SANDBOX
|MOZ_DISABLE_CONTENT_SANDBOX
|Disables content process sandboxing for debugging purposes.
|All
|-
|-
|Disable media plugin sandbox
|MOZ_DISABLE_GMP_SANDBOX
|MOZ_DISABLE_GMP_SANDBOX
|Disable media plugin sandbox for debugging purposes
|All
|-
|-
|Disable NPAPI process sandbox
|MOZ_DISABLE_NPAPI_SANDBOX
|MOZ_DISABLE_NPAPI_SANDBOX
|Disable 64-bit NPAPI process sandbox
|Windows and Mac
|-
|MOZ_DISABLE_GPU_SANDBOX
|Disable GPU process sandbox
|Windows
|-
|-
|Allow weaker than default sandbox level
|MOZ_DISABLE_RDD_SANDBOX
|MOZ_ALLOW_WEAKER_SANDBOX
|Disable Data Decoder process sandbox
|All
|-
|-
|Enable sandbox logging
|MOZ_DISABLE_SOCKET_PROCESS_SANDBOX
|MOZ_WIN_SANDBOX_LOGGING
|Disable Socket Process process sandbox
|All
|}
|}


=== Key source code locations ===
=== Setting a custom environment in Windows ===


The sandboxed target process lowers its own privileges after initialization via these calls:<br>
1) Close Firefox <br/>
[https://dxr.mozilla.org/mozilla-central/rev/918df3a0bc1c/dom/ipc/ContentChild.cpp#1455 Content process]<br>
2) Browser to the location of your Firefox install using Explorer <br/>
[https://dxr.mozilla.org/mozilla-central/rev/918df3a0bc1c/dom/media/gmp/GMPLoader.cpp#239 GMP process]<br>
3) Shift + Right-click in the folder window where firefox.exe is located, select "Open command window here" <br/>
[https://dxr.mozilla.org/mozilla-central/rev/918df3a0bc1c/dom/plugins/ipc/PluginProcessChild.cpp#122 NPAPI process]
4) Add the environment variable(s) you wish to set to your command window - <br/> <br/>
<code>set MOZ_DISABLE_NPAPI_SANDBOX=1</code>(return) <br/> <br/>
5) enter firefox.exe and press enter to launch Firefox with your custom environment <br/>


Level descriptions header:<br>
== Local Build Options ==
http://mxr.mozilla.org/mozilla-central/source/security/sandbox/chromium/sandbox/win/src/security_level.h


The call that starts the sandboxed process in Firefox is:<br>
To disable building the sandbox completely build with this in your mozconfig:
https://dxr.mozilla.org/mozilla-central/rev/918df3a0bc1c/ipc/glue/GeckoChildProcessHost.cpp#1030


All of the code that sets policies can be found here:<br>
<code>ac_add_options --disable-sandbox</code>
http://dxr.mozilla.org/mozilla-central/source/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp


== OSX ==
To disable just the content sandbox parts:
The OSX sandbox is based on the [http://www.trustedbsd.org/mac.html TrustedBSD MAC Framework.] It is undocumented and considered private by Apple.


* [https://wiki.mozilla.org/Sandbox/OS_X_Rule_Set Mozilla OSX Sandbox Ruleset wiki page]
<code>ac_add_options --disable-content-sandbox</code>
* [http://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf OSX Sandbox]
* [https://www.romab.com/ironsuite/SBPL.html OSX sandbox policy language]


== Linux ==
= Bug Lists =


[http://en.wikipedia.org/wiki/Seccomp Seccomp] stands for secure computing mode. It's a simple sandboxing tool in the Linux kernel, available since Linux version 2.6.12. When enabling seccomp, the process enters a "secure mode" where a very small number of system calls are available (exit(), read(), write(), sigreturn()). Writing code to work in this environment is difficult; for example, dynamic memory allocation (using brk() or mmap(), either directly or to implement malloc()) is not possible.
== Priorities ==
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P1&f1=keywords&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta&list_id=13711690 P1]
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13711673&o1=notsubstring&status_whiteboard_type=allwordssubstr&status_whiteboard=sb%2B&v1=meta&priority=P2&f1=keywords&resolution=---&query_format=advanced P2]
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P3&f1=keywords&list_id=13711682&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta P3]


Seccomp-BPF is a more recent extension to seccomp, which allows filtering system calls with [http://en.wikipedia.org/wiki/Berkeley_Packet_Filter BPF (Berkeley Packet Filter)] programs. Most of our Linux user base have systems that support seccomp-bpf.
== Security/Process Sandboxing Lists ==
 
* [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20Process%20Sandboxing&resolution=---&list_id=13711685 Full bug list]
These filters can be used to allow or deny an arbitrary set of system calls, as well as filter on system call arguments (numeric values only; pointer arguments can't be dereferenced).  Additionally, instead of simply terminating the process, the filter can raise a signal, which allows the signal handler to simulate the effect of a disallowed system call (or simply gather more information on the failure for debugging purposes).  Seccomp-bpf is available since Linux version 3.5 and is usable on the ARM architecture since Linux version 3.10. Several backports are available for earlier kernel versions.
* [https://bugzilla.mozilla.org/buglist.cgi?priority=--&f1=keywords&list_id=13711696&o1=notsubstring&resolution=---&query_format=advanced&v1=meta&component=Security%3A%20Process%20Sandboxing&product=Core No priority set]
 
* [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta&keywords_type=allwords&resolution=---&query_format=advanced&component=Security%3A%20Process%20Sandboxing&product=Core&list_id=13711689 Metas]
For limitations that apply to the semantics of system calls (e.g., “can this process access the filesystem”, not “can this process use system call #83”) we require unprivileged user namespaces, which a large majority of desktop users don't support. Specifically: <tt>chroot()</tt>ing into a deleted directory to revoke FS access, and namespace unsharing for networking, SysV IPC if possible, and process IDs.
 
* [http://mxr.mozilla.org/mozilla-central/source/security/sandbox/linux/SandboxFilter.cpp seccomp-bpf filtering rules for various processes]
 
= Bug Lists =
 
== Milestones ==
* Windows Content Process
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asbwc1&list_id=12929689 sbwc1]
*** Roll out level 1 sandbox policy to release.
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asbwc2&list_id=12929689 sbwc2]
*** Roll out level 2 sandbox policy to release.
*** Do we have file system write access restrictions to add here?
*** file:/// isolation?
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asbwc3&list_id=12929689 sbwc3]
*** Roll out level 10 sandbox policy to release.
*** file system read access restrictions from content
* OSX Content Process
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asbmc1&list_id=12929689 sbmc1]
*** Roll out weak OSX security sandbox access ruleset
*** Prevent file system write access
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asbmc2&list_id=12929689 sbmc2]
*** Home directory read access
*** file:/// isolation?
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asbmc3&list_id=12929689 sbmc3]
*** TBD: Triage existing sandbox rules and define set to remove in milestone 3
*** File access: system /tmp and /var/folders/ and any other individual directories
* Linux Content Process
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asblc1&list_id=12929689 sblc1]
*** enable (heavily perforated) seccomp-bpf filter by default in Nightly
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asblc2&list_id=12929689 sblc2]
*** file system broker
*** remove/restrict file system write access
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asblc3&list_id=12929689 sblc3]
*** remove/restrict file system read access
*** file:/// isolation?
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asblc4&list_id=12929689 sblc4]
*** remove/restrict socket access/modification and solve X11 problem
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asblc5&list_id=12929689 sblc5]
*** make use of chroot and user namespaces
* Windows 64-bit NPAPI
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asbwn1&list_id=12929689 sbwn1]


== Triage Lists ==
== Triage Lists ==
* Triage list: http://is.gd/Mfb8L9
* Sandboxing Triage List: https://is.gd/ghRoW8
** Lists any bug with sb?
** Lists sandboxing component bugs that are not tracked by a milestone
** Lists sandboxing component bugs that are not tracked by a milestone
** Ignores sb+, sb-, and sb? bugs with needinfos
** Ignores previously triaged into either sb- or sb+
** meta bugs
** Ignores meta bugs and bugs with needinfos
* sb? Triage List: http://is.gd/B3KscF
* Global [https://bugzilla.mozilla.org/buglist.cgi?f1=flagtypes.name&o3=notsubstring&list_id=13952603&v3=meta&o1=notsubstring&resolution=---&status_whiteboard_type=substring&query_format=advanced&f3=keywords&status_whiteboard=sb%3F&v1=needinfo Triage List]
** does not include needinfo bugs
** Lists any bug in the database with sb?
** Ignores bugs with needinfos
* sb+ [https://mzl.la/2CSaniE triage list]
** Previously triaged bugs that have no milestone and no priority set
* sb? needinfos: http://is.gd/dnSyBs
* webrtc specific sandboxing bugs: https://is.gd/c5bAe6
** sb tracking + 'webrtc'


== Tracking Bugs ==
= Roadmap =


* [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20Process%20Sandboxing&resolution=---&list_id=12887441 Sandboxing Component]
==2020 H1 - Main work focus==
* {{bug|925570}} Process sandboxing work
* [https://bugzilla.mozilla.org/show_bug.cgi?id=1464032 Remote Canvas Drawing operations],
* {{bug|1011491}} Tighten Windows GMP sandbox policies
** Prerequisite for win32k.sys lockdown.
* {{bug|1066612}} Apply Chromium sandbox "process-level mitigations" to GMP process
* [https://bugzilla.mozilla.org/show_bug.cgi?id=1381938 Remote Form widget drawing],
* {{bug|1105816}} Tighten Windows content sandbox policy
** Prerequisite for win32k.sys lockdown.
* {{bug|1083344}} Tighten rules for Mac OS content process sandbox on 10.9 and 10.10
** Follow-ups in [https://bugzilla.mozilla.org/show_bug.cgi?id=1615105 Bug for defaulting it on]
* {{bug|1149706}} Remaining issues for content process sandboxing on the Mac
* [https://bugzilla.mozilla.org/show_bug.cgi?id=1642621 Remote WebGL drawing],
* {{bug|1123755}} Tighten Windows NPAPI process sandbox policy
** See also [https://bugzilla.mozilla.org/show_bug.cgi?id=1632249 Out-of-process WebGL compositing].
* {{bug|1196384}} (sandbox-fs) Deny file system access for content processes
** Follow-ups in [https://bugzilla.mozilla.org/show_bug.cgi?id=1642621 Make it shippable bug].
* {{bug|1124817}} Move file access and API usage away from content process
* [https://bugzilla.mozilla.org/show_bug.cgi?id=1347710 Sandbox the GPU Process].
* {{bug|1280415}} Content sandbox issues on nightly desktop Firefox
** Stalled on non-reproducible [https://bugzilla.mozilla.org/show_bug.cgi?id=1630860 field issues].
* [https://bugzilla.mozilla.org/show_bug.cgi?id=1400317 Remote Look and Feel + Theming].
** Prerequisite for win32k.sys lockdown.
* [https://bugzilla.mozilla.org/show_bug.cgi?id=1550900 Shared memory with read-only and read/write mode].
** Security and memory usage win.
* [https://bugzilla.mozilla.org/show_bug.cgi?id=1440203 Use memfd_create for shared memory].
** Performance win and would solve many issues with people running into problems with the default docker/kubernetes configurations that only give a tiny amount of shared memory.
* [https://bugzilla.mozilla.org/show_bug.cgi?id=1620118 Enable further telemetry for third-party process injection].
 
==2020 H2 - Main work focus==
* Carry-over of win32k.sys lockdown prerequisites from 2020 H1.
* Carry-over of stalled GPU sandboxing work.
* [https://bugzilla.mozilla.org/show_bug.cgi?id=1381019 Remaining win32k.sys blockers].
* [https://bugzilla.mozilla.org/show_bug.cgi?id=1620114 Enable CIG in RDD].
** Investigate/experiment with feasibility of shipping CIG in content.


= Communication =
  | Weekly Team Meeting
|| Thursday at 8:00am PT
* Vidyo: "PlatInt" room
* Zoom: By invitation, ask gcp@mozilla.com
* Invitation: Contact Jim Mathies to get added to the meeting invite list.
* [https://wiki.mozilla.org/Security/Sandbox/Meeting_Notes Meeting Notes Archive]
|-
| IRC
| Matrix
||
* Server: irc.mozilla.org
* Channel: [irc://irc.mozilla.org/e10s #boxing]
|-
| Newsgroup/Mailing List
||  
||  
* [mailto:boxing@lists.mozilla.org boxing@lists.mozilla.org]
* Server: chat.mozilla.org
* Channel: [https://chat.mozilla.org/#/room/#hardening:mozilla.org #hardening]
|-
|}

= People =
{| class="wikitable fullwidth-table"
| Engineering Management
||
* Brad Lassey (blassey)
* Gian-Carlo Pascutto (gcp)
* Jim Mathies (jimm)
|-
| Project Management
||
* TBD
* N/A
|-
| QA
||
* Tracy Walker (Quality Assurance Lead)
* N/A
|-
| Development Team
||
* Haik Aftandilian (haik)
* Julian Hector (tedd)
* Jed Davis (jld)
* Jim Mathies (jimm)
* Chris Martin (cmartin)
* Bob Owen (bobowen)
* David Parks (handyman)
* Stephen Pohl (spohl)
* Gian-Carlo Pascutto (gcp)
|-
| Other Teams
|
* kang, [[Security/OpSec]]
* Security Engineering [[SecurityEngineering]]
|}

= Repo Module Ownership =
* [[Modules/Core#Sandboxing|Cross platform]]
* [[Modules/Core#Sandboxing_-_Windows|Windows]]
* [[Modules/Core#Sandboxing_-_OSX|OSX]]
* [[Modules/Core#Sandboxing_-_Linux_.26_B2G|Linux/B2G]]
* [[Modules/Core#Sandboxing_-_Linux|Linux]]


= Links =

* [[Electrolysis]] Wiki Page (lot of additional resource links)
* [[Security/Sandbox/macOS_Release]] - description of what to do when a new macOS release comes out in order to find out what updates they made to the sandbox.
* [http://www.chromium.org/developers/design-documents/sandbox Chromium Sandbox]
* [http://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf Apple's Sandbox guide]
* [http://en.wikipedia.org/wiki/Google_Native_Client Native Client on Wikipedia] (Links to papers on Native Client's design and use of SFI, as well as papers on SFI itself.)
* [https://msdn.microsoft.com/en-us/library/windows/desktop/ff966517%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 Features of Protected Mode in Internet Explorer]
== Research ==
* [https://intranet.mozilla.org/User:Imelven@mozilla.com/Sandboxing Ian's Internal Research page (2012)]


== B2G Archive ==

B2G has always been “sandboxed” to some extent; every app/tab gets its own content process, which uses the Android security model: a separate uid per process, no group memberships, and kernel patches that require group membership for things like network access.  But privilege escalation via kernel vulnerabilities is relatively common, so we also use the seccomp-bpf system call filter to reduce the attack surface that a compromised content process can directly access.
== Older ==
* [https://docs.google.com/a/mozilla.com/document/d/1qS4Q1goehqy-55hIQEsEA_XY3lF4xfFColNKQm37KSg/edit?usp=sharing Old Meeting Notes]

Latest revision as of 17:47, 6 February 2024

Overview

[Figure: Sandboxing basic architecture]

Security Sandboxing makes use of child processes as a security boundary. The process model, i.e. how Firefox is split into various processes and how these processes interact with each other, is common to all platforms. For more information see the Electrolysis wiki page and its successor, Project Fission. The security aspects of a sandboxed child process are implemented on a per-platform basis. See the Platform Specifics section below for more information.

Technical Docs

Current Status

{| class="wikitable"
! Sandbox !! Trunk Level !! Beta Level !! Beta Version !! Release Level !! Release Version
|-
| Windows (content) || Level 6 || Level 6 || Fx76 || Level 6 || Fx76
|-
| Windows (compositor) || Level 1 || Level 1 || || Level 1 ||
|-
| Windows (GMP) || enabled || enabled || || enabled ||
|-
| Windows (Socket) || Level 1 || Level 1 || Fx75 || Level 1 || Fx75
|-
| OSX (content) || Level 3 || Level 3 || Fx56 || Level 3 || Fx56
|-
| OSX (GMP) || enabled || enabled || || enabled ||
|-
| OSX (RDD) || enabled || enabled || || enabled ||
|-
| OSX (Socket) || enabled || disabled || || disabled ||
|-
| Linux (content) || Level 4 || Level 4 || Fx60 || Level 4 || Fx60
|-
| Linux (GMP) || enabled || enabled || || enabled ||
|}

A 'level' value reflects a unique set of sandbox security settings for each platform and process. Most processes only have two "active" levels: the current setting and a lower (previously released) setting. Level values other than these two carry no guarantee of altering security behavior; level settings are primarily a release rollout debugging feature.

Windows

Content

Sandbox security-related settings are grouped together and associated with a security level. Lower level values indicate a less restrictive sandbox.

{| class="wikitable"
! Sandbox Feature !! Level 5 !! Level 6 (default)
|-
| Job Level || JOB_LOCKDOWN || JOB_LOCKDOWN
|-
| Access Token Level || USER_LIMITED || USER_LIMITED
|-
| Alternate Desktop || YES || YES
|-
| Alternate Windows Station || YES || YES
|-
| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW
|-
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW
|-
| Mitigations
||
* MITIGATION_BOTTOM_UP_ASLR
* MITIGATION_HEAP_TERMINATE
* MITIGATION_SEHOP
* MITIGATION_DEP_NO_ATL_THUNK
* MITIGATION_DEP
* MITIGATION_EXTENSION_POINT_DISABLE
* MITIGATION_IMAGE_LOAD_NO_REMOTE
* MITIGATION_IMAGE_LOAD_NO_LOW_LABEL
* MITIGATION_IMAGE_LOAD_PREFER_SYS32
* MITIGATION_CONTROL_FLOW_GUARD_DISABLE
* MITIGATION_WIN32K_DISABLE
||
* MITIGATION_BOTTOM_UP_ASLR
* MITIGATION_HEAP_TERMINATE
* MITIGATION_SEHOP
* MITIGATION_DEP_NO_ATL_THUNK
* MITIGATION_DEP
* MITIGATION_EXTENSION_POINT_DISABLE
* MITIGATION_IMAGE_LOAD_NO_REMOTE
* MITIGATION_IMAGE_LOAD_NO_LOW_LABEL
* MITIGATION_IMAGE_LOAD_PREFER_SYS32
* MITIGATION_CONTROL_FLOW_GUARD_DISABLE
* MITIGATION_WIN32K_DISABLE
* Locked Down Default DACL
|-
| Delayed Mitigations
||
* MITIGATION_STRICT_HANDLE_CHECKS
* MITIGATION_DLL_SEARCH_ORDER
||
* MITIGATION_STRICT_HANDLE_CHECKS
* MITIGATION_DLL_SEARCH_ORDER
|}

Windows Feature Header

Gecko Media Plugin (GMP)

{| class="wikitable"
! Sandbox Feature !! Level
|-
| Job Level || JOB_LOCKDOWN
|-
| Access Token Level || USER_LOCKDOWN, USER_RESTRICTED [1]
|-
| Initial Integrity Level || INTEGRITY_LEVEL_LOW
|-
| Delayed Integrity Level || INTEGRITY_LEVEL_UNTRUSTED
|-
| Alternate desktop || yes
|-
| Mitigations
||
* MITIGATION_BOTTOM_UP_ASLR
* MITIGATION_HEAP_TERMINATE
* MITIGATION_SEHOP
* MITIGATION_EXTENSION_POINT_DISABLE
* MITIGATION_DEP_NO_ATL_THUNK
* MITIGATION_DEP
* MITIGATION_NONSYSTEM_FONT_DISABLE
* MITIGATION_IMAGE_LOAD_NO_REMOTE
* MITIGATION_IMAGE_LOAD_NO_LOW_LABEL
* MITIGATION_CET_COMPAT_MODE
* Locked Down Default DACL
|-
| Delayed Mitigations
||
* MITIGATION_STRICT_HANDLE_CHECKS
* MITIGATION_DLL_SEARCH_ORDER
|}

[1] depends on the media plugin

Remote Data Decoder (RDD)

{| class="wikitable"
! Sandbox Feature !! Level
|-
| Job Level || JOB_LOCKDOWN
|-
| Access Token Level || USER_LIMITED
|-
| Initial Integrity Level || INTEGRITY_LEVEL_LOW
|-
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW
|-
| Alternate desktop || yes
|-
| Mitigations
||
* MITIGATION_BOTTOM_UP_ASLR
* MITIGATION_HEAP_TERMINATE
* MITIGATION_SEHOP
* MITIGATION_EXTENSION_POINT_DISABLE
* MITIGATION_DEP_NO_ATL_THUNK
* MITIGATION_DEP
* MITIGATION_NONSYSTEM_FONT_DISABLE
* MITIGATION_IMAGE_LOAD_NO_REMOTE
* MITIGATION_IMAGE_LOAD_NO_LOW_LABEL
* MITIGATION_IMAGE_LOAD_PREFER_SYS32
* MITIGATION_CET_COMPAT_MODE
* Locked Down Default DACL
|-
| Delayed Mitigations
||
* MITIGATION_STRICT_HANDLE_CHECKS
* MITIGATION_DYNAMIC_CODE_DISABLE
* MITIGATION_DLL_SEARCH_ORDER
* MITIGATION_FORCE_MS_SIGNED_BINS
|}

OSX

Content Levels for Web and File Content Processes

Mac content processes use sandbox level 3. File content processes (for file:/// origins) also use level 3, with additional rules to allow read access to the filesystem. Levels 1 and 2 can still be enabled in about:config, but they are not supported and using them is not recommended. The different sandbox levels were used for testing and debugging during the rollout of Mac sandboxing features, and they are now planned to be removed.

Mac sandboxing uses a whitelist policy for all process types. Each policy begins with a statement to deny all access to system resources and then specifies the allowed resources. The level 3 sandbox allows file system read-metadata access, with full read access for specific system directories and some user directories; access to the microphone; access to various system services, windowserver, named sysctls and iokit properties; and other miscellaneous items. Work is ongoing to remove access to the microphone, windowserver, and other system services where possible. The sandbox blocks write access to all of the file system; read access to the profile directory (apart from the chrome and extensions subdirectories); read access to the home directory; inbound/outbound network I/O; exec; fork; printing; and video input devices such as cameras.

The older sandbox levels 1 and 2 are less restrictive. Mainly, level 2 allows file-read access to all of the filesystem except the ~/Library directory, and level 1 allows all file-read access. Level 1 restrictions are a subset of level 2 restrictions, and level 2 restrictions are a subset of level 3 restrictions.

The web and file content policy is defined in SandboxPolicyContent.h

Gecko Media Plugin Processes

The Gecko Media Plugins (GMP) policy is defined in SandboxPolicyGMP.h.

Remote Data Decoder Processes

The Remote Data Decoder (RDD) policy is defined in SandboxPolicyUtility.h.

Socket Process

The socket process policy is defined in SandboxPolicySocket.h. At this time (May 2020), the socket process sandbox is only used on the Nightly channel and only for WebRTC networking.

Linux

Content Levels

{| class="wikitable"
! Level !! What's Blocked by the Sandbox?
|-
| Level 1
||
* Many syscalls, including process creation
|-
| Level 2
||
* Everything from level 1
* Write access to the filesystem
** Excludes shared memory, tempdir, video hardware
|-
| Level 3
||
* Everything from levels 1-2
* Read access to most of the filesystem
** Excludes themes/GTK configuration, fonts, shared data and libraries
|-
| Level 4
||
* Everything from levels 1-3
* Network access including local sockets
** Excludes X11 socket
* System V IPC
** Unless fglrx or VirtualGL is in use
* Uses chroot jail
* Uses unprivileged user namespaces (if available)
|}

Content Rules

Filter ruleset

Filesystem access policy

Gecko Media Plugin

Filter ruleset

Customization Settings

The Linux sandbox allows some amount of control over the sandbox policy through various about:config settings. These are meant to allow more non-standard configurations and exotic distributions to stay working - without compiling custom versions of Firefox - even if they can't be directly supported by the default configuration.

See Activity Logging for information on how to debug these scenarios.

security.sandbox.content.level

  • See Content Levels above. Reducing this can help identify sandboxing as the cause of a problem, but you're better off trying the more fine-grained permissions below.

security.sandbox.content.read_path_whitelist
security.sandbox.content.write_path_whitelist

  • Comma-separated list of additional paths that the content process is allowed to read from or write to, respectively. To allow access to an entire directory tree (rather than just the directory itself), include a trailing / character.

security.sandbox.content.syscall_whitelist

  • Comma-separated list of additional system call numbers that should be allowed in the content process. These affect the seccomp-bpf filter.

Preferences

{| class="wikitable"
! Process Type !! Preference Type !! Preference
|-
| Content || numerical || security.sandbox.content.level
|-
| Windows NPAPI Plugin || numerical
||
* dom.ipc.plugins.sandbox-level.default
* dom.ipc.plugins.sandbox-level.<plugintype>
|-
| Compositor || numerical || security.sandbox.gpu.level
|-
| Media || Embedded || N/A
|}

Note - Levels greater than the current default for a particular process type are not implemented.

File System Restrictions

Sandboxing enforces file system write and read restrictions for XUL-based add-on content (frame and process) scripts. To avoid issues as sandboxing features roll out, add-on authors should update their legacy add-on code today so that content scripts no longer attempt to read from or write to restricted locations. Note that these restrictions do not affect WebExtension content scripts or XUL add-on scripts running in the browser process.

File system access rules for content processes, listed in reverse precedence (a later, more specific rule overrides an earlier one):

{| class="wikitable"
! Location !! Access Type !! Restriction
|-
| file system || read/write || deny by default
|-
| install location || write || deny
|-
| install location || read || allow
|-
| system library locations || write || deny
|-
| system library locations || read || allow
|-
| profile/* || read/write || deny by default
|-
| profile/extensions || write || deny
|-
| profile/extensions || read || allow
|}
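The precedence rule in the table above, and the trailing-slash convention of the security.sandbox.content.read_path_whitelist / write_path_whitelist prefs and the numeric syscall_whitelist pref from the Linux Customization Settings section, can be modelled in a few lines. The following is an added example and not Firefox's own sandbox code; the Rule/is_allowed names, the install and profile paths, and the whitelist values are constructed for illustration.

```python
"""Model of the content-process file-access policy described on this page.

Added example, not Firefox code. It implements:
  * the rule table (rules listed lowest precedence first, so the last
    matching rule wins over a deny-by-default base), and
  * the *_path_whitelist convention (an entry with a trailing '/' covers
    the whole directory tree, otherwise only that exact path), applied on
    top as an allow of highest precedence,
  * parsing of the comma-separated syscall_whitelist into syscall numbers.
Paths used below are constructed placeholders.
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    prefix: str   # path the rule applies to; trailing '/' means the subtree
    access: str   # "read", "write" or "read/write"
    allow: bool


def path_matches(entry: str, path: str) -> bool:
    """Trailing '/' matches the directory itself and everything below it;
    an entry without it matches only that exact path."""
    if entry.endswith("/"):
        return path == entry.rstrip("/") or path.startswith(entry)
    return path == entry


def parse_whitelist(pref_value: str) -> list[str]:
    """Parse a comma-separated *_path_whitelist pref value."""
    return [p.strip() for p in pref_value.split(",") if p.strip()]


def parse_syscall_whitelist(pref_value: str) -> set[int]:
    """Parse security.sandbox.content.syscall_whitelist into syscall
    numbers; anything that is not a non-negative integer is rejected."""
    numbers: set[int] = set()
    for item in pref_value.split(","):
        item = item.strip()
        if not item:
            continue
        if not item.isdigit():
            raise ValueError(f"syscall_whitelist entry is not a number: {item!r}")
        numbers.add(int(item))
    return numbers


def base_rules(install_dir: str, profile_dir: str, system_lib_dirs: list[str]) -> list[Rule]:
    """Build the rule list from the page's table, lowest precedence first."""
    rules = [Rule("/", "read/write", False)]                  # deny by default
    rules += [Rule(install_dir + "/", "write", False),
              Rule(install_dir + "/", "read", True)]
    for d in system_lib_dirs:
        rules += [Rule(d + "/", "write", False), Rule(d + "/", "read", True)]
    rules += [Rule(profile_dir + "/", "read/write", False),    # profile/* deny
              Rule(profile_dir + "/extensions/", "write", False),
              Rule(profile_dir + "/extensions/", "read", True)]
    return rules


def is_allowed(path: str, op: str, rules: list[Rule],
               read_whitelist: list[str] = (), write_whitelist: list[str] = ()) -> bool:
    """op is "read" or "write". The last matching rule wins; whitelist
    pref entries are then applied as allows of highest precedence."""
    decision = False
    for rule in rules:
        if op in rule.access.split("/") and path_matches(rule.prefix, path):
            decision = rule.allow
    extra = read_whitelist if op == "read" else write_whitelist
    if any(path_matches(entry, path) for entry in extra):
        decision = True
    return decision


if __name__ == "__main__":
    # Constructed sample layout (hypothetical paths).
    profile = "/home/alice/.mozilla/firefox/abc.default"
    rules = base_rules("/opt/firefox", profile, ["/usr/lib", "/lib"])
    extra_read = parse_whitelist("/home/alice/Documents/, /tmp/scratch.txt")
    for p, op in [("/opt/firefox/libxul.so", "read"),
                  ("/opt/firefox/libxul.so", "write"),
                  (profile + "/prefs.js", "read"),
                  (profile + "/extensions/foo.xpi", "read"),
                  ("/home/alice/Documents/x.txt", "read")]:
        print(f"{op:5} {p}: {'allow' if is_allowed(p, op, rules, extra_read) else 'deny'}")
    print("syscalls:", sorted(parse_syscall_whitelist("1, 22")))
```

The check walks every rule rather than stopping at the first match, which is what "reverse precedence" in the table means: the deny-by-default entry at the top is always matched first and then overridden by the more specific install, library and profile entries. A whitelist entry without the trailing slash deliberately does not match files beneath it, mirroring the pref's documented behaviour.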

Debugging Features

Activity Logging

The following prefs control sandbox logging. On Windows, output is sent to the Browser Console when available, and to a developer console attached to the running browser process. On OSX, once enabled, violation log entries are visible in the Console.app (/Applications/Utilities/Console.app). On Linux, once enabled, violation log entries are logged on the command line console.

security.sandbox.logging.enabled (boolean)
security.sandbox.windows.log.stackTraceDepth (integer, Windows specific)

The following environment variable also triggers sandbox logging output:

MOZ_SANDBOX_LOGGING=1

OSX Specific Sandbox Logging

On Mac, sandbox violation logging is disabled by default. To enable logging,

  1. Launch the OS X Console app (/Applications/Utilities/Console.app) and filter on "plugin-container".
  2. Either set the pref security.sandbox.logging.enabled=true and restart the browser OR launch the browser with the MOZ_SANDBOX_LOGGING environment variable set.

Linux specific Sandbox Logging

The following environment variable triggers extra sandbox debugging output:

MOZ_SANDBOX_LOGGING=1

Environment variables

{| class="wikitable"
! Environment Variable !! Description !! Platform
|-
| MOZ_DISABLE_CONTENT_SANDBOX || Disables content process sandboxing for debugging purposes || All
|-
| MOZ_DISABLE_GMP_SANDBOX || Disables media plugin sandbox for debugging purposes || All
|-
| MOZ_DISABLE_NPAPI_SANDBOX || Disables 64-bit NPAPI process sandbox || Windows and Mac
|-
| MOZ_DISABLE_GPU_SANDBOX || Disables GPU process sandbox || Windows
|-
| MOZ_DISABLE_RDD_SANDBOX || Disables Data Decoder process sandbox || All
|-
| MOZ_DISABLE_SOCKET_PROCESS_SANDBOX || Disables Socket Process sandbox || All
|}

Setting a custom environment in Windows

1) Close Firefox.
2) Browse to the location of your Firefox install using Explorer.
3) Shift + Right-click in the folder window where firefox.exe is located and select "Open command window here".
4) In the command window, set the environment variable(s) you wish to use, pressing Return after each, for example:

 set MOZ_DISABLE_NPAPI_SANDBOX=1

5) Type firefox.exe and press Enter to launch Firefox with your custom environment.

Local Build Options

To disable building the sandbox completely build with this in your mozconfig:

ac_add_options --disable-sandbox

To disable just the content sandbox parts:

ac_add_options --disable-content-sandbox

Bug Lists

Priorities

Security/Process Sandboxing Lists

Triage Lists

  • Sandboxing Triage List: https://is.gd/ghRoW8
    • Lists sandboxing component bugs that are not tracked by a milestone
    • Ignores previously triaged into either sb- or sb+
    • Ignores meta bugs and bugs with needinfos
  • Global Triage List
    • Lists any bug in the database with sb?
    • Ignores bugs with needinfos
  • sb+ triage list
    • Previously triaged bugs that have no milestone and no priority set
  • sb? needinfos: http://is.gd/dnSyBs
  • webrtc specific sandboxing bugs: https://is.gd/c5bAe6
    • sb tracking + 'webrtc'

Roadmap

2020 H1 - Main work focus

2020 H2 - Main work focus

Communication

  • Weekly Team Meeting: Thursday at 8:00am PT
  • Matrix

People

Engineering Management
  • Gian-Carlo Pascutto (gcp)
Project Management
  • N/A
QA
  • N/A
Development Team
  • Haik Aftandilian (haik)
  • Jed Davis (jld)
  • Chris Martin (cmartin)
  • Bob Owen (bobowen)
  • David Parks (handyman)
  • Stephen Pohl (spohl)
  • Gian-Carlo Pascutto (gcp)

Repo Module Ownership

Links

B2G Archive

B2G has always been “sandboxed” to some extent; every app/tab gets its own content process, which uses the Android security model: a separate uid per process, no group memberships, and kernel patches that require group membership for things like network access. But privilege escalation via kernel vulnerabilities is relatively common, so we also use the seccomp-bpf system call filter to reduce the attack surface that a compromised content process can directly access.