Hi Tomasz,
We made per-install and per-process SIDs just as another layer of defense in the sandbox, although the attacks that it defends against are highly theoretical and likely to be impractical - for example attacks that rely on horizontal movement from processes running at Low (e.g. GPU process, PPAPI process) to other processes running on the machine also at Low. The advantage of having different SIDs between different distributions means that, for example, an attacker could not leverage a memory corruption attack that exists in one version of Chrome and then an IPC vulnerability that exists in another (yes, I know, very theoretical!).
The SID values themselves are completely arbitrary and can be picked any way you like - we generated a random one to ensure that it didn't clash with other installed apps (from the Windows Store, which also run in AppContainers). It should start with S-1-15-2 to be valid.
For completeness and consistency with Chrome, I would advise that you implement GetAppContainerSidForSandboxType() to return a different SID for each process type, as we have done in Chrome, and use a different random prefix value.
Will
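The scheme described in the message above, as an added example that is not part of the original mail and not Chrome's own code: a random per-install AppContainer SID prefix starting with S-1-15-2, a per-process-type SID derived from it (a Python sketch of what the mail calls GetAppContainerSidForSandboxType(), not the C++ implementation), and a validator that rejects SIDs outside the AppContainer format. The assumptions are the 7 sub-authorities after S-1-15-2 (the layout Windows itself derives for packaged apps), the hypothetical process-type list, and the choice to spend the last sub-authority on the process type.

```python
import re
import secrets

# Identifier authority 15 (SECURITY_APP_PACKAGE_AUTHORITY) followed by
# sub-authority 2 marks an AppContainer package SID.
APPCONTAINER_PREFIX = "S-1-15-2"
# Assumption: 7 sub-authorities follow "S-1-15-2", as in SIDs Windows derives
# from a package name. The last one is reserved here for the process type.
SUBAUTHORITY_COUNT = 7
MAX_RID = 2**32 - 1

# Hypothetical process types; Chrome's actual list is not reproduced here.
SANDBOX_TYPES = ("renderer", "gpu", "ppapi", "utility")


def parse_sid(sid):
    """Split 'S-1-<authority>-<sub>-<sub>...' into (authority, [subs])."""
    m = re.fullmatch(r"S-1-(\d+)((?:-\d+)+)", sid)
    if m is None:
        raise ValueError("not a SID string: %r" % sid)
    authority = int(m.group(1))
    subs = [int(x) for x in m.group(2).split("-")[1:]]
    return authority, subs


def is_appcontainer_sid(sid):
    """True only for S-1-15-2 SIDs with the expected number of 32-bit RIDs."""
    try:
        authority, subs = parse_sid(sid)
    except ValueError:
        return False
    if authority != 15 or not subs or subs[0] != 2:
        return False  # e.g. S-1-5-... account SIDs or S-1-15-3-... capability SIDs
    if len(subs) != 1 + SUBAUTHORITY_COUNT:
        return False
    return all(0 <= s <= MAX_RID for s in subs)


def generate_install_prefix(randbits=secrets.randbits):
    """Random per-install prefix, leaving one sub-authority for the process type.

    randbits is injectable so the output can be made deterministic in tests;
    the default uses the OS CSPRNG so two installs are very unlikely to clash
    with each other or with SIDs of other AppContainer apps on the machine.
    """
    rids = [randbits(32) for _ in range(SUBAUTHORITY_COUNT - 1)]
    return APPCONTAINER_PREFIX + "-" + "-".join(str(r) for r in rids) + "-"


def sid_for_sandbox_type(prefix, sandbox_type):
    """Distinct SID per process type: prefix plus a small per-type RID."""
    if sandbox_type not in SANDBOX_TYPES:
        raise ValueError("unknown sandbox type: %r" % sandbox_type)
    sid = prefix + str(SANDBOX_TYPES.index(sandbox_type) + 1)
    if not is_appcontainer_sid(sid):
        raise ValueError("prefix does not yield a valid AppContainer SID")
    return sid


def all_sandbox_sids(prefix):
    """Map every process type to its SID; the values are guaranteed distinct."""
    sids = {t: sid_for_sandbox_type(prefix, t) for t in SANDBOX_TYPES}
    assert len(set(sids.values())) == len(SANDBOX_TYPES)
    return sids


if __name__ == "__main__":
    prefix = generate_install_prefix()
    for sandbox_type, sid in all_sandbox_sids(prefix).items():
        print("%-8s %s" % (sandbox_type, sid))
```

Each run of the script prints a fresh prefix, which is the per-install property the mail describes; a real installer would generate it once and persist it, since the SID must be the same every time a given process type is launched.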