Need help with Windows sandbox


Yuta Kitamura

Jun 29, 2010, 3:17:53 AM
to chromium-dev, uk...@chromium.org
Hello chromium-dev,

I'm searching for a Windows sandbox guru who tells me how to fix the following issue.

The problem:
In a worker (HTML5 worker) process, rand_s() function on Windows always fails with error code 12 (ENOMEM?). In contrast, a renderer process can call it and get a random number successfully. When --no-sandbox is specified, the problem is gone.

Background:
The original bug is filed at http://crbug.com/47390. In short:
  - WebSocket needs to obtain some random numbers on establishing a WebSocket connection,
  - It uses WebCore::randomNumber() function (JavaScriptCore/wtf/RandomNumber.h) for this purpose,
  - randomNumber() function uses rand_s() if available,
  - rand_s() fails in a worker process and always returns 0 as a random number, and
  - I observe strange behavior :(

What needs to be fixed:
Worker processes need to be able to call rand_s(). Renderer processes can call it, so I guess there's some difference between sandbox configurations of workers and renderers, but I'm not sure.

If you know something about this, please leave a comment here or at http://crbug.com/47390.

Thanks in advance,
Yuta

Evan Martin

Jun 29, 2010, 12:43:07 PM
to yu...@google.com, chromium-dev, uk...@chromium.org
I am not a sandbox expert but it seems plausible to me that rand_s may
need to do some one-time initialization that the renderer process is
doing but the worker is not.

I searched for [package:chromium rand_s] using code search and found this:
http://www.google.com/codesearch/p?hl=en#hfE6470xZHk/chrome/nacl/nacl_main.cc&q=package:chromium%20rand_s&sa=N&cd=2&ct=rc&l=98

// Cause advapi32 to load before the sandbox is turned on.
unsigned int dummy_rand;
rand_s(&dummy_rand);
// Turn the sandbox on.
[...]

Perhaps it is related.

> --
> Chromium Developers mailing list: chromi...@chromium.org
> View archives, change email options, or unsubscribe:
> http://groups.google.com/a/chromium.org/group/chromium-dev
>

Nicolas Sylvain

Jun 29, 2010, 1:03:09 PM
to ev...@chromium.org, Gregory Dardyk, yu...@google.com, chromium-dev, uk...@chromium.org
On Tue, Jun 29, 2010 at 9:43 AM, Evan Martin <ev...@chromium.org> wrote:
> I am not a sandbox expert but it seems plausible to me that rand_s may
> need to do some one-time initialization that the renderer process is
> doing but the worker is not.
>
> I searched for [package:chromium rand_s] using code search and found this:
> http://www.google.com/codesearch/p?hl=en#hfE6470xZHk/chrome/nacl/nacl_main.cc&q=package:chromium%20rand_s&sa=N&cd=2&ct=rc&l=98
>
>    // Cause advapi32 to load before the sandbox is turned on.
>    unsigned int dummy_rand;
>    rand_s(&dummy_rand);
>    // Turn the sandbox on.
>    [...]
>
> Perhaps it is related.

I am pretty sure it is.  We had to do stuff like that at multiple places to initialize code before we turn on the sandbox.  I suggest you use the same mechanism in the Worker process.

If you want more info, you can ask Gregory, who wrote this rand_s workaround. Otherwise let me know and I can do some more debugging. 

Nicolas

Yuta Kitamura

Jun 30, 2010, 1:24:28 AM
to Nicolas Sylvain, ev...@chromium.org, Gregory Dardyk, chromium-dev, uk...@chromium.org
Thanks everyone,

Adding a dummy rand_s() call before LowerToken() magically fixes the problem! I will create a patch.

Regards,
Yuta
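Added illustration of the two points this thread settles on; this is not Chromium code and not from anyone in the thread. It shows a rand_s() wrapper that surfaces the error code instead of passing along whatever is left in the output buffer, and a warm-up hook meant to be called once before the sandbox token is lowered, mirroring the dummy-call pattern quoted above. The function names (fill_random, warm_up_random, random_unit_double, random_self_check) are my own, and the /dev/urandom branch is an assumption added only so the example also builds outside Windows; on Windows the build must define _CRT_RAND_S before including <stdlib.h> or rand_s() is not declared.

```c
/* Added example, not Chromium code: a checked random wrapper plus the
 * "warm up before lockdown" hook discussed in the thread. */
#ifdef _WIN32
#define _CRT_RAND_S          /* must precede <stdlib.h> to expose rand_s() */
#endif
#include <stdio.h>
#include <stdlib.h>

#ifdef _WIN32
/* Windows: rand_s() returns 0 on success or an errno value on failure
 * (the thread saw error code 12 from inside a sandboxed worker). The
 * output buffer is meaningless after a failed call, so never use it. */
static int fill_random(unsigned int *out) {
    return rand_s(out) == 0 ? 0 : -1;
}
#else
/* Non-Windows fallback (assumption for portability): read /dev/urandom. */
static int fill_random(unsigned int *out) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t n = fread(out, sizeof *out, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}
#endif

/* Warm-up hook: call once before lowering the sandbox token so the CRT
 * and the library behind rand_s() are loaded and initialised while the
 * process is still allowed to do so. Returns 0 if the generator works. */
int warm_up_random(void) {
    unsigned int dummy;
    return fill_random(&dummy);
}

/* A value in [0,1) that reports failure through its return status rather
 * than quietly handing back 0.0, the silent failure the thread describes
 * in WebCore::randomNumber(). */
int random_unit_double(double *out) {
    unsigned int u;
    if (fill_random(&u) != 0) return -1;
    *out = (double)u / 4294967296.0;   /* divide by 2^32 */
    return 0;
}

/* Self-check: 1 if a value in [0,1) was produced, 0 on any failure. */
int random_self_check(void) {
    double d;
    if (random_unit_double(&d) != 0) return 0;
    return (d >= 0.0 && d < 1.0) ? 1 : 0;
}

int main(void) {
    /* Warm up first; a process that cannot get randomness should say so
     * loudly rather than continue with predictable values. */
    if (warm_up_random() != 0) {
        fprintf(stderr, "random generator unavailable; refusing to continue\n");
        return 1;
    }
    double d;
    if (random_unit_double(&d) == 0)
        printf("random value: %f\n", d);
    return 0;
}
```

The design point is that the return status, not the output buffer, carries the success signal: a caller that ignores rand_s()'s errno_t result (as the randomNumber() path in the thread did) turns a sandbox-configuration problem into a supply of zeros that nothing downstream can distinguish from real random numbers.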