Derbycon Bromium Labs: Sandboxes

Sandboxes:
A Pen-tester’s perspective
Rahul Kashyap rahul@bromium.com
Rahul Kashyap, rahul@bromium.com

Bromium Confidential
• Previously led McAfee Labs vuln research
• Done security startups and offense/defense security
research
• Bromium Labs
• Team has discovered several vulnerabilities in multiple platforms
• Spoken at several cool conferences
About
I’m
Hiring!

• Sandboxes: Introduction
 Architecture
 Types
• Sandboxes: Exploitation
 Kernel Mode
 User Mode
• Conclusion
Agenda

• Environment designed to run untrusted (or exploitable)
code, in a manner that prevents the encapsulated code
from damaging the rest of the system
• The aim of a sandbox is to isolate threats
• Our research focuses on security effectiveness of the
isolation primitives for application sandboxes
What is a sandbox?

• Type A: OS enhancement based (Sandboxie, Buffer Zone
Pro, Dell DDP)
• Type B: Master/slave model (Adobe ReaderX, Chrome
browser)
Types of Sandboxes

• A lot of commonly used code reliant on kernel components
and various services
• Large exposure to kernel interfaces
Digression: Windows OS

• Sandboxed app: dear kernel, please open a file for me, the
file name is at address X
• Kernel: X points to “allowed_file.txt” string; here goes a file
handle for you
• Sandboxed app: dear kernel, please open a file for me, the
file name is at address Y
• Kernel: Y points to “secret_file.txt” string; you are a
sandboxed app, I will not let you access this file
How kernel enforces access control

• Sandboxed app: dear kernel, please draw the text “Hello world”
for me please, using the true type font stored at address X
• Kernel: You are a sandboxed app, but using a font is a benign
operation which you need to function properly
• Kernel: OK, just a moment, I need to parse this font
• While processing the font, kernel corrupts its own memory
because the parser code in the kernel is buggy
• Because of memory corruption, kernel starts executing code at
X, which allows the app to do anything it wants
How kernel exploits work (example)

• Example: Sandboxie, BufferZone Pro, Dell DDP
• Custom kernel driver modifies Windows behavior, so that
change to protected system components is prevented
• Use cases: Most of such sandboxes are used for controlled
execution of applications
• Sandboxie is widely used for malware analysis
TYPE A

Application Sandbox Type A

• Example: Google Chrome, Adobe Reader
• Two processes - master and slave, talking over IPC channel
• Slave is confined using OS access control facilities
• Master mediates access to resources
• Use case: protect the application from exploitation
• Google Chrome and Adobe Reader are popular applications
mainly for web and content rendering
TYPE B

Architecture: Type B
• Master has smaller codebase,
the point being – it should be
tougher to exploit it
• Slave has a bigger attack
surface that needs to be
„brokered‟ by the master
• Slave still directly interacts
with the OS Kernel
• Slave also has access to
certain user mode
components

Application Sandbox Type B

• Slave runs with low privileges
• restricted token
• job object
• desktop object
• integrity level
Chromium sandbox on Windows

• How exhaustive is the OS-based confinement, according to
the documentation [2]?
• Mounted FAT or FAT32 volumes – no protection
• TCP/IP – no protection
• Access to most existing securable resources denied
• Everybody agrees it is good enough…

Chromium sandbox in action
Slave
Master

• How resistant is Master to a malicious Slave?
• This is what most authors focused on
• How resistant is OS to a malicious Slave?
• We focus on the last aspect
• Recently MWRLabs also bypassed Chrome using similar vector
Pwn2Own 2013[11]

Master/slave type sandbox on Windows,
Adobe Reader
Observe “Low”
Integrity level

• Exhaustive previous related work on methodology of
attacking the Master [3], [4]
• The first case of Adobe sandbox vulnerability exploited in
the wild reported in Feb 2013 [9]
• This escape possible because of a bug in Master
Master/slave type sandbox on Windows, Adobe
Reader

Master/slave type sandbox on Windows, Chrome
browser
Observe “untrusted”
Integrity level

• Slave de-privileged even more than stated in chrome
sandbox documentation
• “Untrusted” integrity level
• Particularly, access to FAT32 file system denied
Master/slave type sandbox on Windows, Chrome
browser

• Well-known cases of successful attacks against the master
(shown at Pwnium[5], Pwn2own[6])
• The attacks against the master are complex and relatively
rare
Chrome browser

• Slave can still exploit a kernel vulnerability
• bpf syscall filter on Linux - designed to limit exposure of OS #nice
• Some vulnerabilities are not exploitable by Slave
• If need to create a process
• If need to alter specific locations in the registry
• win32k.sys still much exposed
A vulnerability in win32k.sys can potentially be exploited at the
browser level, yielding full control over the machine directly, without
the need to achieve code execution in the sandbox first.
Chrome browser

Exploitation

CVE-2012-0217
Exploit: MS12-042
SANDBOX BYPASS
DEMO
(Kernel Mode Exploitation)
Sandbox
PWNY!

• Windows kernel issues are discovered increasingly
frequently
• 25 CVE for Windows kernel in 2012
• 73+ CVE till Sept 2013
• There have been attacks like Duqu that have targeted
kernel vulnerabilities
• Yes… it‟s a large attack surface
Is this a problem?

User Mode Exploitation
• Type A and Type B do not restrict
network connectivity for a
sandboxed process.
• The exception to this rule is
Google Chrome that has been
hardened to restrict TCP/IP
networking in case the renderer
got exploited.
• All vulns in these services are a
potential sandbox escape vector
• Even properly functioning code
can be abused

• ALPC ports are a low-level mechanism used for
interprocess communication on the Windows OS. Again,
many Windows services listen on ALPC ports; if a
sandboxed code can connect to these services, it can
attempt to exploit a vulnerability in it.
• Type A sandboxes are wide open to all of these
ALPC Ports

ALPC Ports: Adobe Reader vs Chrome
Adobe Reader XI (version 11.0.3):
lkd> !alpc /lpp fffffa80052ffb30
Ports created by the process fffffa80052ffb30:
fffffa8004f9fb50('OLEB45817786DEF457D9394B3110F6
B') 0, 1 connections fffffa8005312070 0 ->
fffffa8005279990 0 fffffa80078ddb30('svchost.exe')
Ports the process fffffa80052ffb30 is connected to:
fffffa80053073c0 0 -> fffffa80078bf090('ApiPort') 0
fffffa8007ce3060('csrss.exe')
fffffa80050b7070 0 -> fffffa8007b4ea10('ThemeApiPort')
0 fffffa8007aaab30('svchost.exe')
fffffa800b4b9e60 0 -> fffffa8007912c30('lsasspirpc') 0
fffffa8007883210('lsass.exe')
fffffa8004f1adc0 0 -> fffffa8007b34e60('Audiosrv') 0
fffffa8007a1e9e0('svchost.exe')
fffffa8004f0e3f0 0 -> fffffa80079d4e60('epmapper') 31
fffffa80078ddb30('svchost.exe')
fffffa800535cb20 0 -> fffffa800798ea70('plugplay') 0
fffffa800797db30('svchost.exe')
Google Chrome browser (Version 27.0.1453.110 m)
lkd> !alpc /lpp fffffa80053a1060
Ports created by the process fffffa80053a1060:
<none>
Ports the process fffffa80053a1060 is connected to:
fffffa8005397b30 0 -> fffffa80078bf090('ApiPort') 0
fffffa8007ce3060('csrss.exe')
fffffa80052c8dd0 0 -> fffffa8007b4ea10('ThemeApiPort')
0 fffffa8007aaab30('svchost.exe')

• “The vulnerability is caused by CSRSS improperly
validating permissions when a lower-integrity process
communicates a device event message to a higher-integrity
process.”
• Actually, the vulnerable versions of CSRSS performed no
validation or permission check at all, blindly executing
PostMessage with all parameters controllable by the peer.
• Errr... Shatter attack redux??
Example: CSRSS vulnerability (MS11-063)

CVE-2011-1967
Exploit: MS11-063
SANDBOX
User-Mode Exploitation

Summary
http://labs.bromium.com/2013/07/23/application-sandboxes-a-pen-testers-
perspective/

CVE-2011-3402
Exploit: MS11-087
SiS’eh: Sandbox-in-Sandbox?Sandbox)
!)
Clueless
PWNY!
DiDi ™ :- Defense in Depth indeed!

Conclusion
• Application sandboxes are fundamentally vulnerable to kernel mode and certain
user mode vulnerabilities on the OS
• Breaking out of a sandbox by exploiting OS vulns provides far better ROI for the
attackers
• In our analysis Type A were far easier to escape out than Type B #$$ #Chrome
• Definitely avoid malware analysis inside application sandboxes! #D‟0h!

• Rafal Wojtczuk, Bromium Labs
• [1] http://www.sandboxie.com/
• [2] http://dev.chromium.org/developers/design-documents/sandbox
• [3] "A Castle Made of Sand - Adobe Reader X Sandbox" Richard Johnson
• [4] “Breeding Sandworms” - Zhenhua Liu, Guillaume Lovet
• [5] http://blog.chromium.org/2012/10/pwnium-2-results-and-wrap-up_10.html
• [6] "Pwn2Own 2012: Google Chrome browser sandbox first to fall"
http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588
• [7] Dennis Fisher
http://threatpost.com/en_us/blogs/its-time-abandon-java-012113
• [8] BufferZone Pro, http://www.trustware.com/BufferZone-Pro/
• [9] arstechnica.com/security/2013/02/zero-day-attack-exploits-latest-version-of-adobe-reader/
• [10] Duqu malware, http://em.wikipedia.org/wiki/Duqu
• [11] https://labs.mwrinfosecurity.com/blog/2013/09/06/mwr-labs-pwn2own-2013-write-up---kernel-exploit/
Credits/References

@rckashyap
Thanks!
http://labs.bromium.com/

Derbycon Bromium Labs: Sandboxes

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Derbycon Bromium Labs: Sandboxes

Similar to Derbycon Bromium Labs: Sandboxes (20)

Recently uploaded

Recently uploaded (20)

Derbycon Bromium Labs: Sandboxes