本篇主要说下沙箱的环境变量策略【Environment】:
一、环境变量:
GetEnvironmentStrings 函数返回指向内存块的指针，该内存块包含调用进程的环境变量（系统和用户环境变量）；该内存块用完后应通过 FreeEnvironmentStrings 释放。
GetEnvironmentStrings 函数 (processenv.h) - Win32 apps | Microsoft Learn
使用例子参考 :更改环境变量 - Win32 apps | Microsoft Learn
#include <windows.h>
#include <tchar.h>
#include <stdio.h>
#include <strsafe.h>
#define BUFSIZE 4096
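// Appends one "NAME=value" string at *ppCursor, then advances the cursor past
// the string's terminating NUL and shrinks *pcchRemaining by the same amount.
// One TCHAR of the buffer is always held back so that the block's closing NUL
// still fits after the last append. Returns FALSE when the string does not
// fit; the caller then abandons the (partially written) block.
static BOOL AppendEnvString(LPTSTR* ppCursor, size_t* pcchRemaining, LPCTSTR pszText)
{
    size_t cchUsed;

    // Need room for at least one character, its NUL, and the block terminator.
    if (*pcchRemaining < 3)
    {
        return FALSE;
    }
    // Pass the space actually left (minus the reserved terminator), not the
    // whole buffer size: the cursor has moved, so BUFSIZE would overstate it.
    if (FAILED(StringCchCopy(*ppCursor, *pcchRemaining - 1, pszText)))
    {
        return FALSE;
    }
    cchUsed = (size_t) lstrlen(*ppCursor) + 1;
    *ppCursor += cchUsed;
    *pcchRemaining -= cchUsed;
    return TRUE;
}

// Builds a two-variable environment block ("MySetting=A", "MyVersion=2"),
// launches ex3.exe with it, and waits for the child to exit.
// Returns TRUE on success, FALSE on any failure (after printing a message).
int _tmain()
{
    TCHAR chNewEnv[BUFSIZE];
    LPTSTR lpszCurrentVariable;
    size_t cchRemaining;
    DWORD dwFlags=0;
    TCHAR szAppName[]=TEXT("ex3.exe");
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    BOOL fSuccess;

    // Copy environment strings into an environment block. The block is a run
    // of NUL-terminated "NAME=value" strings closed by one extra NUL.
    lpszCurrentVariable = chNewEnv;
    cchRemaining = BUFSIZE;
    if (!AppendEnvString(&lpszCurrentVariable, &cchRemaining, TEXT("MySetting=A")) ||
        !AppendEnvString(&lpszCurrentVariable, &cchRemaining, TEXT("MyVersion=2")))
    {
        printf("String copy failed\n");
        return FALSE;
    }
    // Terminate the block with a NULL byte; AppendEnvString guarantees this
    // slot is still inside chNewEnv.
    *lpszCurrentVariable = (TCHAR)0;

    // Create the child process, specifying a new environment block.
    SecureZeroMemory(&si, sizeof(STARTUPINFO));
    si.cb = sizeof(STARTUPINFO);
#ifdef UNICODE
    // The block holds wide strings, so the child must be told so.
    dwFlags = CREATE_UNICODE_ENVIRONMENT;
#endif
    // bInheritHandles stays TRUE as in the original sample, so the child
    // receives every inheritable handle of this process; pass FALSE when the
    // child needs none of them.
    fSuccess = CreateProcess(szAppName, NULL, NULL, NULL, TRUE, dwFlags,
                             (LPVOID) chNewEnv, // new environment block
                             NULL, &si, &pi);
    if (! fSuccess)
    {
        // GetLastError() returns a DWORD, so print it as an unsigned long.
        printf("CreateProcess failed (%lu)\n", (unsigned long) GetLastError());
        return FALSE;
    }
    WaitForSingleObject(pi.hProcess, INFINITE);
    // CreateProcess hands back two handles; release both so the kernel
    // objects are not kept alive for the rest of this process.
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return TRUE;
}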
二、环境变量控制策略实现:
sandbox\win\src\target_process.cc
创建目标进程时，若启用了环境变量过滤（IsEnvironmentFiltered），则只把 broker 环境中列出的少数变量传给目标进程，其余变量不会传入:
// Only copy a limited list of variables to the target from the broker's
// environment. These are
// * "Path", "SystemDrive", "SystemRoot", "TEMP", "TMP": Needed for normal
// operation and tests.
// * "LOCALAPPDATA": Needed for App Container processes.
// * "CHROME_CRASHPAD_PIPE_NAME": Needed for crashpad.
if (startup_info_helper->IsEnvironmentFiltered()) {
wchar_t* old_environment = ::GetEnvironmentStringsW();
if (!old_environment) {
return SBOX_ERROR_CANNOT_OBTAIN_ENVIRONMENT;
}
// Only copy a limited list of variables to the target from the broker's
// environment. These are
// * "Path", "SystemDrive", "SystemRoot", "TEMP", "TMP": Needed for normal
// operation and tests.
// * "LOCALAPPDATA": Needed for App Container processes.
// * "CHROME_CRASHPAD_PIPE_NAME": Needed for crashpad.
static constexpr std::wstring_view to_keep[] = {
L"Path",
L"SystemDrive",
L"SystemRoot",
L"TEMP",
L"TMP",
L"LOCALAPPDATA",
L"CHROME_CRASHPAD_PIPE_NAME"};
new_env = FilterEnvironment(old_environment, to_keep);
::FreeEnvironmentStringsW(old_environment);
}
bool inherit_handles = startup_info_helper->ShouldInheritHandles();
PROCESS_INFORMATION temp_process_info = {};
if (!::CreateProcessAsUserW(lockdown_token_.get(), exe_path, cmd_line.get(),
nullptr, // No security attribute.
nullptr, // No thread attribute.
inherit_handles, flags,
new_env.empty() ? nullptr : std::data(new_env),
nullptr, // Use current directory of the caller.
startup_info->startup_info(),
&temp_process_info)) {
*win_error = ::GetLastError();
return SBOX_ERROR_CREATE_PROCESS;
}
bas
三、看下浏览器进程的环境变量情况截图:
1、主进程环境变量:
2、GPU进程环境变量:
3、network进程环境变量:
4、storage service进程环境变量:
5、备用渲染进程受沙箱环境变量策略限制:
只有受限的 "Path"、"SystemDrive"、"SystemRoot"、"TEMP"、"TMP" 等。
6、新标签进程受沙箱环境变量策略限制:
只有受限的 "Path"、"SystemDrive"、"SystemRoot"、"TEMP"、"TMP" 等。
7、辅助框架进程受沙箱环境变量策略限制:
只有受限的 "Path"、"SystemDrive"、"SystemRoot"、"TEMP"、"TMP" 等。