Is it possible to change the Sandbox Level in Thunderbird?

Discussion in 'sandboxing & virtualization' started by Sampei Nihira, May 22, 2022.

  1. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,643
    Location:
    Italy
    To verify:

    Opens the page that in Firefox corresponds to:

    about:support

    You will notice that the sandbox level is 0

    To modify

    Code:
    sandbox
     
    Last edited: May 22, 2022
  2. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    6,173
    any reason to lower sandbox level? any issues on your side?

    to remember your question about browsers - no, it is NOT recommended to screw on any sandbox level, unless you are aware of consequences to harm your system.

    sandbox level means level of rights to execute, limited processes can not start other process and raise its sandbox level, and their access is limited. "anonymous" is equal to "guest", regular users are "medium".
     
  3. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,643
    Location:
    Italy
    Where would I have written that I intend to lower the sandbox level of Thunderbird?

    Code:
    security.sandbox.content.level
    The default value in Thunderbird is 0/1

    What is the value of the setting written above in Firefox?


    The thread is centered in that,I thought it was easy to understand..................:rolleyes:
     
  4. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,911
    Location:
    Outer space
    This is the default on Linux from the "about:support" page:
    Code:
    Seccomp-BPF (System Call Filtering)    true
    Seccomp Thread Synchronization    true
    User Namespaces    true
    Content Process Sandboxing    true
    Media Plugin Sandboxing    true
    Content Process Sandbox Level    0
    Effective Content Process Sandbox Level    0
    Win32k Lockdown State for Content Process    Win32k Lockdown disabled -- Operating system not supported
    To try, I just set it to level 4, and it still works, but there is still only 1 Thunderbird process running so I don't think changing the level does anything in Thunderbird. Maybe because it is about the Content Process, but since it is not a web browser the sandbox is implemented differently.

    The default level in Firefox is 4 on Linux and 6 on Windows.
     
  5. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,643
    Location:
    Italy
    :thumb:
    Fission is not enabled by default in Thunderbird.
    You need to change the default setting.
    Like many other privacy/security settings that are enabled by default in Firefox and not in Thunderbird.
     
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,911
    Location:
    Outer space
    Yes, but Firefox was already using multiple processes before Fission was implemented, just not 1 per site. Also it is to be expected that it is not enabled by default (yet) in Thunderbird, as it was enabled by default in Firefox v95 I think and TB is still on v91. Anyway, I enabled Fission.autostart but still see only 1 Thunderbird process.
     
  7. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,643
    Location:
    Italy
    Ah maybe I understand what you mean.
    If you have only 1 account set up you necessarily have only 1 process.;):)
    If you set up multiple accounts you will have multiple processes.
     
  8. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,643
    Location:
    Italy
    @BoerenkoolMetWorst

    I leave the value as 1.
    Then I will experiment with 2.

    I also set the value 4.;)
     
    Last edited: May 25, 2022
  9. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,911
    Location:
    Outer space
    I was already using multiple accounts. I installed Thunderbird on Windows to check it out and I see multiple processes even without changing sandbox level or enabling fission. So maybe my Linux knowledge is not good enough :argh: I used "ps -e" and "top" commands to view running processes, but it could of course be that it doesn't show multiple instances of the same process separately. That would explain it.
     
  10. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,643
    Location:
    Italy
    After testing the value 4,when possible please write me a feedback?
    TH.
    :thumb:;):)

    P.S. It would be interesting to know the value at default of Firefox 91.

    Performed a test now with Firefox ESR 91.9.1 portable.
    The value at deafult is 6 (Windows).
     
    Last edited: May 25, 2022
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,911
    Location:
    Outer space
    I tested 4 and Fission on Linux, works fine but regardless it seems it always runs with 2 processes, so not sure if it actually does anything. (Quite a few tabs/emails open and multiple accounts.)
    On Windows same story(though with level 6 instead of 4.) There it is always using 3 processes regardless of the settings. (Multiple tabs/emails open, but those are old emails from a removed account, currently I don't have any accounts in Thunderbird on Windows.)
     
  12. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,643
    Location:
    Italy
    Could any forum members check the default sandbox level in Thunderbird 102?
    I can't because I set the value "6" also in the previous version.

    Always value 0/1.

    I also modified this:


    Code:
    "privacy.query_stripping.enabled" set to true
    "privacy.query_stripping.enabled.pbmode" set to true
     
    Last edited: Jun 29, 2022
  13. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    6,173
    i told you.

    first prefs is avaliable since Firefox 90 - must explicit activated.
    2nd now with v102 for private mode (pbmode) because otherwise even in strict mode it is not used.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.