
Sandbox escape by Spectre and Meltdown?

Posted: Sat Jan 06, 2018 1:10 pm
by asbai
Can Sandboxie prevent programs from reading memory outside its sandbox by using the Spectre and Meltdown vulnerabilities?

Re: Sandbox escape by Spectre and Meltdown?

Posted: Sat Jan 06, 2018 11:44 pm
by Syrinx
Despite my best efforts in the past (yes I'm looking at you, Curt & fam) SBIE has never attempted to include preventing memory reads into its protections so far. As such, there is literally not a single routine (I'm aware of) that attempts (via SBIE) to block memreads at any point! Even if there had ever been, with the small amount of (and lack of public POCs so far) it'd be hard to gauge how that might have worked out for us. For the moment however you can revel in the fact that SBIE has never attempted to block such memory reads and as such is not explicitly impacted by spectre attacks in a meaningful way.

This does NOT mean you are safe from spectre, while sandboxed, it really just amounts to there 'is no true difference atm.'

I can't say I'd be displeased if this caused them to rethink the entire memread aspect as it's something I've been drooling (and crowing?) about for years...but how helpful any such previous attempts to apply it outside of the existing protected process layers windows now contains might have been is another story that we will never know the answer to, as they never tried it. I actually suspect not much, if anything at all in the end, if they were to rely on readily available kernel APIs prior to recent patches (as I'd actually hope for) and possible future firmware updates. Even without that, regarding Spectre in particular, there is not a simulation that I can (currently) understand (and reproduce) to attempt and test, much less, say how that may have turned out thus far even if there had been such attempts to block memreads on their end. [Sorry, not a multiverse genius like Trump!]

To be honest with myself, despite also turning out to be an awesome potential 'drool over yourself' moment, I haven't really felt slighted with the possible (or impossible) protections SBIE might have offered with such a situation.

I'm still waiting for more information and perhaps some real life POC's so that I may have a better chance of understanding it all. Perhaps I'm entirely wrong but at this point I just don't see how we could expect SBIE to have protected us from either meltdown or spectre in the past or in the future without also subverting (and ruining) innocent routines. That all being said there are a couple of (other) areas that were previously exposed [months and months ago] which have still not been properly addressed [To My Knowledge] on their end and I have zero issues with reminding them or the rest of humanity of those...

I'm sorry, I'm an a-hole! I've been trying to keep to myself these last months per but the responses (and lack of) you folks are giving to the ppl with legit (if not innocent) questions regarding understandable worries (given the media) is just p***ing me the f*** off.

OK, I think I'm done talking to myself now ~ no wait we're all still here! DOH!

Keep in mind that we are just lowly souls seeking attention and nothing we say should be construed as facts or acted upon without prior professional counsel. Oh, and of course, nothing I say should be held against anyone (until proven true) in a court of law.

Re: Sandbox escape by Spectre and Meltdown?

Posted: Sun Jan 07, 2018 11:57 pm
by Curt@invincea
Curt@invincea wrote:
Thu Jan 04, 2018 4:04 pm
shmu26 wrote:
Thu Jan 04, 2018 1:46 pm
They are now saying that it can be exploited also from web pages, and both chrome and firefox are vulnerable.
So the question comes back: will sandboxing the browser protect from a web exploit of this type, which steals data from memory?
We are still investigating these issues. Since these are hardware problems that bypass Windows entirely, I doubt they can be stopped by sandboxing. Most likely these can only be mitigated by Windows kernel patches (i.e. Microsoft).

There is no reason to panic. There is no known exploit of this bug in the wild, and MS patches are being distributed now.

Re: Sandbox escape by Spectre and Meltdown?

Posted: Tue Jan 09, 2018 10:32 am
by asbai
OK, thanks.

Hope the 5.24 GA version is released quickly.

Re: Sandbox escape by Spectre and Meltdown?

Posted: Thu Jan 11, 2018 12:01 pm
by asbai
The Spectre & Meltdown Checker: ... pu-checker
could not run in Sandboxie (crashed). Does this show that Sandboxie can defend against these two bugs effectively? :D

UPDATE: If I run it outside of the sandbox first, then it works again even if I re-run it in a sandbox.

Sandboxie: 5.23.3
Win7 64bit
ucode patch: Yes
MSW Patch: No