[Bug 52845] New: Recent versions of chromium have broken sandbox again
https://bugs.winehq.org/show_bug.cgi?id=52845

            Bug ID: 52845
           Summary: Recent versions of chromium have broken sandbox again
           Product: Wine
           Version: 7.6
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: -unknown
          Assignee: wine-bugs(a)winehq.org
          Reporter: dark.shadow4(a)web.de
      Distribution: ---

Somewhere between chromium-946247 (commit 4e7609b62147866fb7b226fd6efbe1ae4d2f1aca) and chromium-946263 (commit 1bd694702105072e57b980512130a3212675ec19) the sandbox got changed so it doesn't work under wine anymore.
Result is a black screen and soon a crash. This affects both 32bit and 64bit chromium.

Note: chromium should be located inside the WINEPREFIX, it won't run outside!

Nightly versions to test with (chrome-win.zip)
https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.ht...
https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.ht...

I tried to build from source on my Win11 machine, but those versions don't run under wine at all, even if compiling the same commit as the nightly versions.

--
Do not reply to this email, post in Bugzilla using the above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=52845

Fabian Maurer <dark.shadow4(a)web.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Win/946263/
           Keywords|                            |download
https://bugs.winehq.org/show_bug.cgi?id=52845

--- Comment #1 from Fabian Maurer <dark.shadow4(a)web.de> ---
I personally suspect
https://github.com/chromium/chromium/commit/158c5fad3ef830e95f1eedb702878697...
https://bugs.winehq.org/show_bug.cgi?id=52845

Austin English <austinenglish(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |austinenglish(a)gmail.com
https://bugs.winehq.org/show_bug.cgi?id=52845

--- Comment #2 from Fabian Maurer <dark.shadow4(a)web.de> ---
(In reply to Fabian Maurer from comment #1)
> I personally suspect
> https://github.com/chromium/chromium/commit/158c5fad3ef830e95f1eedb702878697e4dd0154

Bisected chromium, this is indeed the change that breaks under wine.
I'll report back if I find out anything else.
https://bugs.winehq.org/show_bug.cgi?id=52845

--- Comment #3 from Fabian Maurer <dark.shadow4(a)web.de> ---
To be exact, what breaks it is the changes to RevokeLogonSidFromDefaultDacl, see
https://github.com/chromium/chromium/commit/158c5fad3ef830e95f1eedb702878697...

Take the following code:

    absl::optional<base::win::Sid> logon_sid = query_token->LogonId();
    if (!logon_sid)
      return ::GetLastError() == ERROR_NOT_FOUND;

It calls into

    absl::optional<Sid> AccessToken::LogonId() const {
      std::vector<AccessToken::Group> groups =
          GetGroupsFromToken(token_.Get(), TokenLogonSid);
      for (const AccessToken::Group& group : groups) {
        if (group.IsLogonId())
          return group.GetSid().Clone();
      }
      return absl::nullopt;
    }

using

    bool AccessToken::Group::IsLogonId() const {
      return (attributes_ & SE_GROUP_LOGON_ID) == SE_GROUP_LOGON_ID;
    }

In short, chromium expects one group of the token to belong to the logon group.
If that's not the case, it errors out.

Sending in a patch soon.
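The following is an added example, not part of the bug thread and not code from Chromium or Wine: a portable C++ model of the check quoted in comment #3, showing which token shapes let the caller continue and which make it fail. `TokenModel`, `Outcome`, `CheckLogonSid` and the sample SIDs are hypothetical names and constructed values; the numeric constants are the Windows SDK values.

```cpp
#include <cstdint>
#include <iostream>
#include <optional>
#include <string>
#include <vector>

// Values as defined in the Windows SDK headers (winnt.h, winerror.h).
constexpr uint32_t kSeGroupMandatory = 0x00000001;
constexpr uint32_t kSeGroupEnabled = 0x00000004;
constexpr uint32_t kSeGroupLogonId = 0xC0000000;  // two-bit mask
constexpr uint32_t kErrorSuccess = 0;
constexpr uint32_t kErrorNotFound = 1168;
constexpr uint32_t kBase = kSeGroupMandatory | kSeGroupEnabled;

struct Group {  // stand-in for one SID_AND_ATTRIBUTES entry
  std::string sid;
  uint32_t attributes;
  // Compare against the full mask, as the quoted IsLogonId() does.
  bool IsLogonId() const {
    return (attributes & kSeGroupLogonId) == kSeGroupLogonId;
  }
};

// Hypothetical model: the groups a TokenLogonSid query yields plus the
// last-error value the query leaves behind.
struct TokenModel {
  std::vector<Group> groups;
  uint32_t last_error;
};

std::optional<std::string> LogonId(const TokenModel& token) {
  for (const Group& group : token.groups)
    if (group.IsLogonId()) return group.sid;
  return std::nullopt;
}

enum class Outcome { kRevoke, kNothingToRevoke, kFail };

// Mirrors the quoted caller: a missing logon SID is tolerated only when the
// error is ERROR_NOT_FOUND; any other state makes the function fail.
Outcome CheckLogonSid(const TokenModel& token) {
  if (LogonId(token)) return Outcome::kRevoke;
  return token.last_error == kErrorNotFound ? Outcome::kNothingToRevoke
                                            : Outcome::kFail;
}

// Constructed sample tokens (SIDs and error values are made up).
TokenModel WithLogonGroup() {
  return {{{"S-1-5-32-545", kBase},
           {"S-1-5-5-0-1000", kBase | kSeGroupLogonId}}, kErrorSuccess};
}
TokenModel NoLogonGroup(uint32_t err) { return {{{"S-1-5-32-545", kBase}}, err}; }

int main() {
  std::cout << static_cast<int>(CheckLogonSid(NoLogonGroup(kErrorSuccess))) << '\n';
}
```

The third case, no group carrying `SE_GROUP_LOGON_ID` and a last error other than `ERROR_NOT_FOUND`, is the "errors out" path the comment describes.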
https://bugs.winehq.org/show_bug.cgi?id=52845

--- Comment #4 from Alexandre Julliard <julliard(a)winehq.org> ---
Hopefully fixed by dd99319cdebe783c9c3def3a39c8b6ab73689c5f.
https://bugs.winehq.org/show_bug.cgi?id=52845

Fabian Maurer <dark.shadow4(a)web.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #5 from Fabian Maurer <dark.shadow4(a)web.de> ---
Confirming fixed.
https://bugs.winehq.org/show_bug.cgi?id=52845

Zeb Figura <z.figura12(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Fixed by SHA1|                            |dd99319cdebe783c9c3def3a39c8b6ab73689c5f
https://bugs.winehq.org/show_bug.cgi?id=52845

Alexandre Julliard <julliard(a)winehq.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #6 from Alexandre Julliard <julliard(a)winehq.org> ---
Closing bugs fixed in 7.8.