Chromium's "safe-plugins" switch

Discussion in 'other software & services' started by Reimer, Sep 14, 2010.

Thread Status:
Not open for further replies.
  1. Reimer

    Reimer Registered Member

    Joined:
    Apr 6, 2008
    Posts:
    217
    I was wondering about the effectiveness of using the safe-plugins switch with Chromium and how well, if at all, it mitigates exploits in plugins such as flash. For those who don't know, this switch enables Chromium to sandbox your plugins as well.

    For example, Adobe has yet again issued an advisory for flash and reader.
    http://www.adobe.com/support/security/advisories/apsa10-03.html

    Any input?

    Thanks
     
  2. Doritoes

    Doritoes Registered Member

    Joined:
    Jul 2, 2010
    Posts:
    56
    Google Chrome already bundles a specialized version of the Adobe Flash Player in Chrome 5+ that it automatically sandboxes. The --safe-plugins switch would be used to tell Chrome to sandbox the other third-party plugins that you install on your computer.

    I believe (but am not certain) that Chrome would stop this latest Flash Player bug from succeeding in touching things outside of its sandbox, since I haven't heard anything about a sandbox bypass.


    Edit: You need to add the --safe-plugins switch to Chrome to force the bundled Flash Player into a sandbox. The sandbox is not on by default for the plugin. Therefore, Chrome is vulnerable by default. You can test to see if the Flash Player is sandboxed by going to a site like http://converticon.com/ and trying to open a system file through Flash. The sandboxed plugin will do nothing.
     
    Last edited: Sep 15, 2010
  3. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    where is this safe-plugins switch located?
     
  4. Doritoes

    Doritoes Registered Member

    Joined:
    Jul 2, 2010
    Posts:
    56
    On a Google Chrome/Chromium shortcut on Windows:

    [1] Right-click->properties
    [2] In the target field, add --safe-plugins so it looks something like:

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --safe-plugins

    [3] Replace your other Google Chrome shortcuts likewise (i.e., the one pinned to your taskbar)
    [4] Restart your browser
     
  5. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Re: the safe-plugins switch...

    Any idea why running plugins sandboxed was not the default? Wouldn't that make more sense? Is it more CPU-intensive?

    Does this step also take care of extensions or just the listed plugins?
     
  6. Doritoes

    Doritoes Registered Member

    Joined:
    Jul 2, 2010
    Posts:
    56
    Plugins are not sandboxed by default because it can break some of their functionality. For example, after forcing plugins into sandboxes, Flash can no longer upload files from your hard drive to, say, an online photo editor, because the access is denied.

    Regular Google Chrome extensions do not have native code plugins so the --safe-plugins switch does not affect them. Extensions that have NPAPI plugins like IE Tab would have their NPAPI plugins sandboxed after the switch is included.
     
  7. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Thanks for clearing that up!
     
  8. Reimer

    Reimer Registered Member

    Joined:
    Apr 6, 2008
    Posts:
    217
    Just wanted to add to this thread.

    Chrome will automatically sandbox its included Flash plugin in upcoming releases. It should already do this in the latest Canary build.

    http://src.chromium.org/viewvc/chrome?view=rev&revision=66022

    On another note, I wanted to comment on Doritoes' remark about the --safe-plugins switch not affecting extensions. I was playing with Process Explorer and enabled the Integrity status column.

    As you can see in my first screenshot, not including the main Chromium process, there are a few processes running with Medium integrity. Those three happen to be extensions. This is with safe-plugins disabled.

    In the second screenshot, you can see that they are now all running with Low integrity. This is with safe-plugins enabled.

    I guess that means regular extensions are affected? These particular extensions do not have NPAPI plugins. For example, one of these plugins was "Yet Another Drag and Go".


    Either way, I thought this was interesting. I love the idea of my tabs, plugins, and extensions running with low integrity.


    Back to the topic of sandboxed Flash, I gave it a try with safe-plugins disabled and Flash does indeed run with low integrity (i.e., sandboxed) :thumb:
     

    Attached files: 1.JPG, 2.JPG (the two Process Explorer screenshots referred to above)
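A PowerShell check that follows on from the shortcut edit in post #4 and the Process Explorer observation in post #8. This is an added example, not code posted by anyone in the thread. It assumes Windows Vista or later (where integrity levels exist), that the two shortcut paths are placeholders you adjust to wherever your Chrome shortcuts live, and that Chromium child processes of that era announce their role with a --type=... argument on their command line. The RID-to-name table (0x1000 Low, 0x2000 Medium, and so on) is the standard Windows mandatory label mapping.

```powershell
# Added example (not from the thread). Checks that Chrome/Chromium shortcuts carry
# --safe-plugins (post #4) and that the running chrome.exe child processes hold a
# Low integrity token, which is what post #8 saw in Process Explorer.
# Assumptions: Windows Vista or later, the shortcut paths below are placeholders
# to adjust, and Chromium child processes identify their role with --type=...

# --- 1. Do the shortcuts pass the switch? ------------------------------------
$shortcuts = @(
    "$env:USERPROFILE\Desktop\Google Chrome.lnk",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk"
)
$wsh = New-Object -ComObject WScript.Shell
foreach ($lnk in $shortcuts) {
    if (-not (Test-Path -LiteralPath $lnk)) { continue }
    $sc = $wsh.CreateShortcut($lnk)
    $state = if ($sc.Arguments -match '(^|\s)--safe-plugins(\s|$)') { 'OK' } else { 'MISSING' }
    "{0,-8} {1} -> {2} {3}" -f $state, $lnk, $sc.TargetPath, $sc.Arguments
}

# --- 2. Read a process token's integrity level (TokenIntegrityLevel = 25) ----
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class TokenInfo {
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr hProcess, uint access, out IntPtr hToken);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr hToken, int infoClass, IntPtr buf, int len, out int needed);
    [DllImport("advapi32.dll")]
    static extern IntPtr GetSidSubAuthority(IntPtr sid, int index);
    [DllImport("advapi32.dll")]
    static extern IntPtr GetSidSubAuthorityCount(IntPtr sid);
    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr h);

    const uint TOKEN_QUERY = 0x0008;
    const int TokenIntegrityLevel = 25;

    // Returns the integrity RID (last sub-authority of the mandatory label SID),
    // e.g. 0x1000 for Low, 0x2000 for Medium; -1 if the token could not be read.
    public static int GetIntegrityRid(IntPtr hProcess) {
        IntPtr tok;
        if (!OpenProcessToken(hProcess, TOKEN_QUERY, out tok)) return -1;
        try {
            int len;
            GetTokenInformation(tok, TokenIntegrityLevel, IntPtr.Zero, 0, out len);
            if (len == 0) return -1;
            IntPtr buf = Marshal.AllocHGlobal(len);
            try {
                if (!GetTokenInformation(tok, TokenIntegrityLevel, buf, len, out len)) return -1;
                IntPtr sid = Marshal.ReadIntPtr(buf);             // TOKEN_MANDATORY_LABEL.Label.Sid
                int n = Marshal.ReadByte(GetSidSubAuthorityCount(sid));
                return Marshal.ReadInt32(GetSidSubAuthority(sid, n - 1));
            } finally { Marshal.FreeHGlobal(buf); }
        } finally { CloseHandle(tok); }
    }
}
"@

$names = @{ 0x0000 = 'Untrusted'; 0x1000 = 'Low'; 0x2000 = 'Medium'; 0x3000 = 'High'; 0x4000 = 'System' }

# --- 3. Every chrome.exe: role, whether the switch is present, integrity -----
Get-WmiObject Win32_Process -Filter "Name = 'chrome.exe'" | ForEach-Object {
    $cmd  = [string]$_.CommandLine
    $role = if ($cmd -match '--type=(\S+)') { $Matches[1] } else { 'browser' }
    $rid  = try { [TokenInfo]::GetIntegrityRid((Get-Process -Id $_.ProcessId).Handle) } catch { -1 }
    $lvl  = if ($rid -ge 0) { $names[[int]($rid -band 0xF000)] } else { $null }
    if (-not $lvl) { $lvl = 'unknown' }
    "{0,6} {1,-10} {2,-8} safe-plugins={3}" -f $_.ProcessId, $role, $lvl, ($cmd -match '--safe-plugins')
}
```

Run it from a normal (Medium integrity) PowerShell prompt after restarting Chrome from the edited shortcut: the browser process should report Medium and the plugin/renderer/extension children Low, and every chrome.exe line should show safe-plugins=True, since Chromium copies the parent's switches to its children. A Low label is only the visible part of the sandbox; the restricted token and job object that Process Explorer does not show in a column are the rest, so "Medium" on a child is a definite failure while "Low" is necessary but not sufficient.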