Ticket #25112: 0001-Bug-25112-Tor-Browser-7.5-is-not-working-on-Windows-.patch

File 0001-Bug-25112-Tor-Browser-7.5-is-not-working-on-Windows-.patch, 3.8 KB (added by pospeselr, 22 months ago)

disables sandbox on Vista and below when in wow64 scenario

  • ipc/glue/GeckoChildProcessHost.cpp

    From 261ae014745e50ce84a79a99a9e2a9cd49cb8335 Mon Sep 17 00:00:00 2001
    From: Richard Pospesel <richard@torproject.org>
    Date: Tue, 6 Mar 2018 15:49:21 -0800
    Subject: [PATCH] Bug 25112: Tor Browser 7.5 is not working on Windows Vista
     64bit
    
    With sandboxing enabled on Vista, 32-bit Firefox uses another 64-bit
    process (wow_helper.exe) to patch functions in the loaded ntdll.dll
    in the child content process.  However, we are not building
    wow_helper.exe and it is not present, so the content process
    creation method silently fails.
    
    We 'could' go in and properly update the build system to build
    wow_helper.exe with 64-bit mingw.  However, Vista support is going
    away very soon for Tor Browser once we update to a newer Firefox ESR.
    Therefore, the more prudent fix is to simply disable sandboxing when
    running on Vista or lower in this WOW64 scenario, rather than to do
    the work to get wow_helper.exe building only to have to rip it all
    out in a few months when we rebase with latest Firefox ESR.  This
    logic is ifdef'd out for 64-bit builds.
    
    Verified the Tor Browser works as expected in following scenarios:
      32-bit Firefox on 32-bit Windows Vista -> Sandbox enabled
      32-bit Firefox on 64-bit Windows Vista -> Sandbox disabled
      32-bit Firefox on 64-bit Windows 7 -> Sandbox enabled
    ---
     ipc/glue/GeckoChildProcessHost.cpp | 51 ++++++++++++++++++++++++++++++++++++++
     1 file changed, 51 insertions(+)
    
    diff --git a/ipc/glue/GeckoChildProcessHost.cpp b/ipc/glue/GeckoChildProcessHost.cpp
    index 48051472aa45..db16a5314bb7 100644
    a b  
    4141#include <sys/stat.h>
    4242
    4343#ifdef XP_WIN
     44#include "mozilla/WindowsVersion.h"
    4445#include "nsIWinTaskbar.h"
    4546#define NS_TASKBAR_CONTRACTID "@mozilla.org/windows-taskbar;1"
    4647
    GeckoChildProcessHost::GetUniqueID() 
    304305  return sNextUniqueID++;
    305306}
    306307
     308// pospeselr: This is a temporary workaround for TBB 25112
     309// Once we're off of ESR 52 TweakSandboxLevel() should be removed
     310#ifdef XP_WIN
     311
     312// reduces sandbox level to 0 when running WOW64 on Vista and lower
     313// for 64-bit windows builds all this logic is unnecessary so we just
     314// pass-through
     315static int32_t
     316TweakSandboxLevel(int32_t sandboxLevel)
     317{
     318#ifdef _WIN64
     319  // we can't be running WOW64 if this is built as a 64-bit binary
     320  return sandboxLevel;
     321#else
     322  // 0 is as low as you can go, early out
     323  if (sandboxLevel == 0) {
     324    return 0;
     325  }
     326
     327  // Win7 and later can be sandboxed without issue
     328  if (mozilla::IsWin7OrLater()) {
     329    return sandboxLevel;
     330  }
     331
     332  // determine if we're 32-bit firefox on 64-bit windows (ie WOW64)
     333  typedef BOOL (WINAPI* IsWow64ProcessFunc)(HANDLE, PBOOL);
     334  IsWow64ProcessFunc IsWow64Process = reinterpret_cast<IsWow64ProcessFunc>(
     335      GetProcAddress(GetModuleHandle(L"kernel32.dll"), "IsWow64Process"));
     336
     337  // according to the MSDN, older versions of windows may not have this function
     338  // assume that this function missing indicates we cannot sandbox
     339  if (IsWow64Process == nullptr) {
     340    return 0;
     341  }
     342
     343  // this function is non-zero on success, assume a failure means we
     344  // cannot sandbox
     345  BOOL isWow64 = FALSE;
     346  if (!IsWow64Process(GetCurrentProcess(), &isWow64)) {
     347    return 0;
     348  }
     349
     350  // finally, this BOOL indicate whether we're WOW64
     351  return isWow64 ? 0 : sandboxLevel;
     352#endif  // _WIN64
     353}
     354
     355#endif // XP_WIN
     356
    307357void
    308358GeckoChildProcessHost::PrepareLaunch()
    309359{
    GeckoChildProcessHost::PrepareLaunch() 
    322372  // We need to get the pref here as the process is launched off main thread.
    323373  if (mProcessType == GeckoProcessType_Content) {
    324374    mSandboxLevel = Preferences::GetInt("security.sandbox.content.level");
     375    mSandboxLevel = TweakSandboxLevel(mSandboxLevel);
    325376    mEnableSandboxLogging =
    326377      Preferences::GetBool("security.sandbox.windows.log");
    327378  }