Issue metadata

Status: Fixed
Owner:
Last visit > 30 days ago
Closed: Mar 2011
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Feature

Restricted
  • Only users with EditIssue permission may comment.

Issue 50796: Sandbox built-in flash plugin (windows)

Reported by cpu@chromium.org, Jul 30 2010 Project Member

Issue description

This bug tracks progress in the sandboxing of the built-in flash plugin.

Tasks
1- Craft an approximate sandbox policy
2- Test, watch for access deny
3- Proxy more operations to the broker, go to step 1

The goal is to have as locked-down a sandbox as is reasonable given the feature set of flash.
 

Comment 1 by cpu@chromium.org, Jul 30 2010

Labels: Mstone-7

Comment 2 by bugdro...@gmail.com, Aug 2 2010

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=54626 

------------------------------------------------------------------------
r54626 | cpu@chromium.org | 2010-08-02 15:59:55 -0700 (Mon, 02 Aug 2010) | 10 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/sandbox_policy.cc?r1=54626&r2=54625

Start of a more restrictive sandbox policy for flash on windows
- This only works with --safe-plugins and the built-in-flash
- Removing all file IO

BUG= 50796 
TEST= use --safe-plugins and observe flash still works (for most sites)



Review URL: http://codereview.chromium.org/3043039
------------------------------------------------------------------------

Comment 3 by bugdro...@gmail.com, Aug 30 2010

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=57899 

------------------------------------------------------------------------
r57899 | cpu@chromium.org | 2010-08-30 13:40:45 -0700 (Mon, 30 Aug 2010) | 12 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/sandbox_policy.cc?r1=57899&r2=57898
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/plugin/plugin_main.cc?r1=57899&r2=57898

Sandboxing built-in flash

This is the last change needed to have an experimental sandboxed flash for windows
- Adds an export so flash can lower the token
- Tightens the policy a bit
- Sets a separate flash data directory.

BUG= 50796 
TEST=see bug


Review URL: http://codereview.chromium.org/3245006
------------------------------------------------------------------------

Comment 4 by bugdro...@gmail.com, Sep 21 2010

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=60018

------------------------------------------------------------------------
r60018 | cpu@chromium.org | Mon Sep 20 21:46:46 PDT 2010

Changed paths:
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/sandbox_policy.cc?r1=60018&r2=60017&pathrev=60018

Sandbox built-in flash player. Spawn broker
- Now is chrome duty to spawn flash broker. Flash cannot do it by itself on XP

The flash broker is hosted in rundll32.exe. An extra switch is added to the command line
of the plug-in process so flash player can contact its broker.

BUG= 50796 
TEST=see bug for testing info

Review URL: http://codereview.chromium.org/3432014
------------------------------------------------------------------------

Comment 5 by lafo...@chromium.org, Oct 12 2010

Labels: -Mstone-7 Mstone-8
Bulk moving to mstone 8, at this point work on m7 should effectively be closed.  If something in this bulk edit is not actively being worked on, please change the mstone to m9.

Comment 6 by lafo...@chromium.org, Oct 19 2010

Labels: -Mstone-8 Mstone-9
Since we are past the branch, moving all mstone-8 issues to mstone-9 for triage/punting

Comment 7 by cpu@chromium.org, Nov 12 2010

Almost ready. The flag to disable sandboxed flash is

--disable-flash-sandbox


To test
========
1- Download and install canary
2- Make sure that about:plugins says flash is 10.1.103.20
3- Go to a page that has flash, like youtube, it should work

Using process explorer on Vista or Win7 verify that rundll32.exe is running and that flash (plugin) process is low integrity. See attached screenshot.
Attachment: flash_is_sboxed.PNG (1023 KB)
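The verification step above is done by eye in Process Explorer. The following PowerShell script, an added example that is not part of the bug thread or of Chromium's own code, automates the same check: it lists every chrome.exe and rundll32.exe process with its parent PID, command line and token integrity level, so a defender can confirm that the plug-in process is running at Low integrity and see which DLL a rundll32.exe instance is hosting. It reads the integrity level through the Win32 token API (OpenProcessToken / GetTokenInformation with TokenIntegrityLevel) via P/Invoke; it assumes Windows PowerShell 5.1 or later on Windows Vista or newer, and that the current user may open the processes (a process it cannot open is reported as unknown rather than failing the run).

```powershell
# Added example (not from the Chromium bug thread): report the integrity level of
# chrome.exe and rundll32.exe processes, as Process Explorer's Integrity column does.
# Assumes Windows PowerShell 5.1+ on Windows Vista or later.

Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;

public static class TokenIntegrity
{
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr hProcess, uint desiredAccess, out IntPtr hToken);

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr hToken, int infoClass, IntPtr info,
                                           int infoLength, out int returnLength);

    [DllImport("advapi32.dll")]
    static extern IntPtr GetSidSubAuthorityCount(IntPtr pSid);

    [DllImport("advapi32.dll")]
    static extern IntPtr GetSidSubAuthority(IntPtr pSid, uint index);

    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr h);

    const uint TOKEN_QUERY = 0x0008;
    const int TokenIntegrityLevel = 25;   // TOKEN_INFORMATION_CLASS value

    // Returns the mandatory-label RID of the process token
    // (0x1000 Low, 0x2000 Medium, 0x3000 High, 0x4000 System), or -1 if it cannot be queried.
    public static int GetRid(IntPtr hProcess)
    {
        IntPtr hToken;
        if (!OpenProcessToken(hProcess, TOKEN_QUERY, out hToken)) return -1;
        try
        {
            int len;
            GetTokenInformation(hToken, TokenIntegrityLevel, IntPtr.Zero, 0, out len);
            if (len == 0) return -1;
            IntPtr buf = Marshal.AllocHGlobal(len);
            try
            {
                if (!GetTokenInformation(hToken, TokenIntegrityLevel, buf, len, out len)) return -1;
                // TOKEN_MANDATORY_LABEL begins with SID_AND_ATTRIBUTES.Sid (a PSID);
                // the integrity level is that SID's last sub-authority.
                IntPtr sid = Marshal.ReadIntPtr(buf);
                byte count = Marshal.ReadByte(GetSidSubAuthorityCount(sid));
                return Marshal.ReadInt32(GetSidSubAuthority(sid, (uint)(count - 1)));
            }
            finally { Marshal.FreeHGlobal(buf); }
        }
        finally { CloseHandle(hToken); }
    }
}
"@

function Get-IntegrityName([int]$rid) {
    switch ($rid) {
        -1      { 'unknown (could not open token)' }
        0x0000  { 'Untrusted' }
        0x1000  { 'Low' }
        0x2000  { 'Medium' }
        0x3000  { 'High' }
        0x4000  { 'System' }
        default { '0x{0:X}' -f $rid }
    }
}

# Parent PID and command line come from WMI; the command line shows which DLL
# a rundll32.exe instance is hosting and which Chrome process it belongs to.
$wmi = @{}
Get-CimInstance Win32_Process -Filter "Name='chrome.exe' OR Name='rundll32.exe'" |
    ForEach-Object { $wmi[[int]$_.ProcessId] = $_ }

Get-Process -Name chrome, rundll32 -ErrorAction SilentlyContinue | ForEach-Object {
    $p = $_
    # Process.Handle throws for processes this user may not open; report those as unknown.
    try { $rid = [TokenIntegrity]::GetRid($p.Handle) } catch { $rid = -1 }
    $info   = $wmi[[int]$p.Id]
    $parent = if ($info) { $info.ParentProcessId } else { $null }
    $cmd    = if ($info) { $info.CommandLine } else { $null }
    [pscustomobject]@{
        PID       = $p.Id
        Name      = $p.ProcessName
        ParentPID = $parent
        Integrity = Get-IntegrityName $rid
        CmdLine   = $cmd
    }
} | Format-Table -AutoSize -Wrap
```

Run it from a normal (Medium integrity) PowerShell window while a Flash page is open; the expectation from this bug is a rundll32.exe broker process and a chrome.exe plug-in process whose Integrity column reads Low. The ParentPID and CmdLine columns also make it possible to tell a broker spawned by Chrome from an unrelated rundll32.exe instance.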

Comment 8 by bugdro...@gmail.com, Nov 13 2010

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=66022

------------------------------------------------------------------------
r66022 | cpu@chromium.org | Fri Nov 12 16:22:46 PST 2010

Changed paths:
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/sandbox_policy.cc?r1=66022&r2=66021&pathrev=66022
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/chrome_switches.cc?r1=66022&r2=66021&pathrev=66022
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/chrome_switches.h?r1=66022&r2=66021&pathrev=66022
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/plugin/plugin_main.cc?r1=66022&r2=66021&pathrev=66022

Enable sandboxed flash on windows by default.

It requires flash 10.1.103.19 or better, the current
flash in trunk is 10.1.103.20 so we are fine.


BUG= 50796 
TEST=see bug


Review URL: http://codereview.chromium.org/4870001
------------------------------------------------------------------------

Comment 9 by bugdro...@gmail.com, Nov 17 2010

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=66479

------------------------------------------------------------------------
r66479 | laforge@chromium.org | Wed Nov 17 10:48:48 PST 2010

Changed paths:
 M http://src.chromium.org/viewvc/chrome/branches/587/src/chrome/common/chrome_switches.h?r1=66479&r2=66478&pathrev=66479
 M http://src.chromium.org/viewvc/chrome/branches/587/src/chrome/plugin/plugin_main.cc?r1=66479&r2=66478&pathrev=66479
 M http://src.chromium.org/viewvc/chrome/branches/587/src/chrome/common/sandbox_policy.cc?r1=66479&r2=66478&pathrev=66479
 M http://src.chromium.org/viewvc/chrome/branches/587/src/chrome/common/chrome_switches.cc?r1=66479&r2=66478&pathrev=66479

Revert 66022 - Enable sandboxed flash on windows by default.

It requires flash 10.1.103.19 or better, the current
flash in trunk is 10.1.103.20 so we are fine.


BUG= 50796 
TEST=see bug


Review URL: http://codereview.chromium.org/4870001

TBR=cpu@chromium.org
Review URL: http://codereview.chromium.org/5174003
------------------------------------------------------------------------

Comment 12 by lafo...@chromium.org, Nov 30 2010

Labels: -Mstone-9 Mstone-10 MovedFrom-9
Moving all mstone:9 bugs that are not ReleaseBlockers to mstone:10

Comment 13 by brycesto...@gmail.com, Nov 30 2010

Is this fixed? If so, Mstone-9 again?

Comment 14 by rflaz...@gmail.com, Dec 1 2010

Issue 62905: Hung Chrome Process(es)

Comment 15 by catalin....@gmail.com, Jan 25 2011

Would the current implementation of Flash sandboxing be suitable for disabling sound for individual webpages? (as explained in Issue 3541)

Comment 16 by k...@google.com, Jan 27 2011

Labels: -Mstone-10 Mstone-11 MovedFrom-10
Move to M11 from M10, as we've now branched.  If you believe this bug was moved in error, please come talk to me.

Comment 17 by fabios4r...@gmail.com, Feb 3 2011

according to your blog post http://googlechromereleases.blogspot.com/ this feature is already in M9 as of yesterday... so can this be marked as fixed?

Comment 18 by cpu@chromium.org, Mar 8 2011

Status: Fixed
This feature will be on by default in Chrome 10.

If this causes problems you can disable it with --disable-flash-sandbox added to chrome command line.

Comment 19 by Deleted ...@, Apr 22 2011

I've got an issue with this: my firewall is set to block all outgoing connections (to protect against trojans "dialing home"). Naturally, I made an exception for chrome, but I'm reluctant to also make an exception for rundll32.exe, as it is a generic application that executes arbitrary DLLs. It'd be helpful if you could run plugins in your own container, like firefox does.

Comment 20 by pascal.h...@gmail.com, Apr 22 2011

This bug is marked as fixed.
Please file a new bug for your issue.

Comment 21 by bugdroid1@chromium.org, Oct 13 2012

Project Member
Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.

Comment 22 by bugdroid1@chromium.org, Mar 10 2013

Project Member
Labels: -Area-Internals -Feature-Flash -Mstone-11 Cr-Content-Plugins-Flash Cr-Internals M-11

Comment 23 by bugdroid1@chromium.org, Mar 13 2013

Project Member
Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue

Comment 24 by bugdroid1@chromium.org, Apr 6 2013

Project Member
Labels: Cr-Blink

Comment 25 by bugdroid1@chromium.org, Apr 6 2013

Project Member
Labels: -Cr-Content-Plugins-Flash Cr-Internals-Plugins-Flash
