Author Topic: Sandboxing of Firefox  (Read 23021 times)

0 Members and 1 Guest are viewing this topic.

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2085
Re: Sandboxing of Firefox
« Reply #45 on: September 02, 2010, 12:33:18 AM »
Quote
- Sessions of Tab Mix Plus aren't saved. Each time I open FF, the last session is always the latest before I started sandboxing FF Tongue
- 3. The addons updates couldn't be applied. I'm getting an error each time I load Firefox.
web browsers checkboxes in UI didn't support all browsers - I've already implemented it today for the most web browsers; will be fixed in next version, thanks

Quote
1. Now Firefox sandboxed crashed... Got a black screen and then a white one... Weird...
the best thing is to generate user-mode crash dump: start Task Manager, find firefox.exe in Processes tab, right-click on it, Create Dump File

Quote
2. Besides the OS and hidden files options are checked, the sandbox appears on one of my drivers.
please check snx_lconfig.xml file in avast data folder, what's "HideTarget" value? (0=don't hide sandbox folder, 1=hide)
if you have "1" value set, what's F: volume? (fixed drive, or USB, ...?)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67250
Re: Sandboxing of Firefox
« Reply #46 on: September 02, 2010, 02:50:38 AM »
Web browsers checkboxes in UI didn't support all browsers - I've already implemented it today for the most web browsers; will be fixed in next version, thanks
Thanks.

the best thing is to generate user-mode crash dump: start Task Manager, find firefox.exe in Processes tab, right-click on it, Create Dump File
Will do it next time. Right now, without the sandbox, it's working.

please check snx_lconfig.xml file in avast data folder, what's "HideTarget" value? (0=don't hide sandbox folder, 1=hide)
if you have "1" value set, what's F: volume? (fixed drive, or USB, ...?)
<HideTarget value="1"/>
Drive F is a mounted partition of TrueCrypt (portable), mounted some seconds after booting.
The best things in life are free.

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2085
Re: Sandboxing of Firefox
« Reply #47 on: September 02, 2010, 02:52:35 AM »
Drive F is a mounted partition of TrueCrypt (portable), mounted some seconds after booting.

Maybe that will be the problem... I have to find out how I detect TrueCrypt volumes...

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67250
Re: Sandboxing of Firefox
« Reply #48 on: September 08, 2010, 01:41:33 PM »
avast 5.0.667 version sandbox seems to be working with CTM 2.8.
Today a new version of CTM (2.9) was released. Also Firefox gets a new version. I need some time to test.

What I have already see is that some addons do not work.
For instance, Lazarus (forms restore).
http://lazarus.interclue.com/
The best things in life are free.

Offline Diazruanova

  • Full Member
  • ***
  • Posts: 148
Re: Sandboxing of Firefox
« Reply #49 on: September 08, 2010, 04:19:33 PM »
Lazarus is working fine with FireFox 3.6.9 (latest) SANDBOXED, avast Pro 5.0.677 (latest) so there must be something wrong with your set-up.



avast 5.0.667 version sandbox seems to be working with CTM 2.8.
Today a new version of CTM (2.9) was released. Also Firefox gets a new version. I need some time to test.

What I have already see is that some addons do not work.
For instance, Lazarus (forms restore).
http://lazarus.interclue.com/
Enrique Diazruanova

Built desktop PC with:
CPU:Intel Core i7-860 @ 2.94Ghz - RAM:8Gb DDR3-1333Mhz - GPU:XFX ATI Radeon HD 5670 - HD:Seagate 500Gb-7200 RPM
Windows 7 Home Premium 64bit SP1 - avast 6.0.1289 - MBAM Pro 1.51.2.1300

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67250
Re: Sandboxing of Firefox
« Reply #50 on: September 08, 2010, 04:26:09 PM »
I'll uninstall, install again and test.
The best things in life are free.

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2085
Re: Sandboxing of Firefox
« Reply #51 on: September 08, 2010, 06:26:53 PM »
As for Lazarus add-on: there exists a conceivable sequence of events that can lead to a conflict. I think it was caused by sync issues between non-virtualized FF and virtualized FF: when you install/configure add-ons in both FF running modes.

Non-virtualized FF uses a default FF profile while virtualized FF uses both sandbox storage (for the files changed by previous virtualized FF instances) and rest of files from the default FF profile. When you install Lazarus in non-virtualized FF, this changes some files in default FF profile dir. Now when you run virtualized FF, it may or may not see it, because sandboxed config files were not changed. I can simulate it very easily (I need cofingure add-ons in both FFs and install Lazarus in non-virt FF).

It should work well if you check "All settings" in Expert Settings -> Web Browsers. Then virtualized FF will use only the default FF profile. You can also push "delete contents" button in Settings and reload default FF configuration.

So, the conflicts cannot be solved easily (e.g. sandboxie is also affected). I'll see if I can do anything with this...

If you have other problematic add-ons, please let me know...

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67250
Re: Sandboxing of Firefox
« Reply #52 on: September 08, 2010, 09:41:17 PM »
Just a curiosity: this avast version (5.0.677) does not give me BSODs with sandboxed Firefox + CTM :)
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67250
Re: Sandboxing of Firefox
« Reply #53 on: September 08, 2010, 09:56:02 PM »
It should work well if you check "All settings" in Expert Settings -> Web Browsers. Then virtualized FF will use only the default FF profile. You can also push "delete contents" button in Settings and reload default FF configuration.
My settings were already checked.
I've uninstall/install Lazarus outside of the sandbox.
Click "delete contents".
Worked :)

Please, considerer a command-line version of the sandbox. It's a real pain to run inside/outside of the sandbox.
The best things in life are free.

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2085
Re: Sandboxing of Firefox
« Reply #54 on: September 08, 2010, 09:58:03 PM »
Please, considerer a command-line version of the sandbox. It's a real pain to run inside/outside of the sandbox.

ok, you can send me the list of commands you'd be interested in...

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67250
Re: Sandboxing of Firefox
« Reply #55 on: September 08, 2010, 10:02:47 PM »
Hmmm... Lazarus was disabled again...

About the commands:
1. Run inside of the sandbox.
2. Run outside of the sandbox.
3. Clean the storage and run inside of the sandbox.

Another question.
Is the session saved using Tab Mix Plus? Seems mine is not being saved.
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67250
Re: Sandboxing of Firefox
« Reply #56 on: September 08, 2010, 11:05:28 PM »
I still need a way to exclude files from sandboxing.
I mean, while using Firefox sandboxed and trying to open a .csv file in Excel, the file is locked if Excel is running outside of the sandbox (i.e., Excel running before you open the .csv file from Firefox). If Excel is closed, the file is opened with Excel sandboxed. Then I can't save the file or open another to save the data to because Excel is sandboxed).
Maybe an exception to *.extension could be an option into the avast sandbox settings. Right now we can only exclude folders.
Also, it would be useful to have a setting to exclude processes from sandboxing (even if they were started by a sandboxed one, I mean, I could exclude excel.exe to be sandboxed when started by Firefox sandboxed).
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67250
Re: Sandboxing of Firefox
« Reply #57 on: September 08, 2010, 11:07:13 PM »
Hmmm... Lazarus was disabled again...
No way...

Also, the session tabs aren't saved by Tab Mix Plus regardless my settings.
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67250
Re: Sandboxing of Firefox
« Reply #58 on: October 21, 2010, 02:17:26 AM »
Lazarus was disabled again.
Tab Mix Plus can't save the history (session, open tabs).
Indeed, if the sandbox could be a little more flexible with addons it will be good.
The best things in life are free.