cef_sandbox.lib for Windows.

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.

cef_sandbox.lib for Windows.

Postby rdh » Mon Jun 22, 2020 3:06 pm

I have pulled the binaries for Windows (64 bit) and have it running in our app. But, I cannot link with the cef_sandbox.lib file that came with the binaries as it used the /MT and the debug version used /MTd. I have already found the cef_dll_wrapper project and changed the settings to build it with /MD and /MDd. But, where can I found this sandbox project so I can build a Windows version that I can link with?

Here's hoping the answer isn't to pull the entire repository I found that uses "ninja" in order to build a single lib!
rdh
Techie
 
Posts: 28
Joined: Wed Jun 10, 2020 3:18 pm

Re: cef_sandbox.lib for Windows.

Postby magreenblatt » Mon Jun 22, 2020 3:38 pm

Sandbox support (linking cef_sandbox.lib) is only possible when your application is built with the /MT flag.
magreenblatt
Site Admin
 
Posts: 10184
Joined: Fri May 29, 2009 6:57 pm

Re: cef_sandbox.lib for Windows.

Postby rdh » Tue Jun 23, 2020 9:38 am

So sandbox is just not an option and we have to run with a less secure web system. Rats.
rdh
Techie
 
Posts: 28
Joined: Wed Jun 10, 2020 3:18 pm

Re: cef_sandbox.lib for Windows.

Postby rdh » Mon Jul 06, 2020 3:08 pm

No sandbox due to the /MD switch is causing great concern. Can I restrict rights on the subprocess programmatically in the subprocess? What settings does the sandbox code impose on the subprocess?

OR

I can link the subprocess with /MT if that allows me to turn on the sandbox, say via the command line, in the subprocess itself. I see the command line arg passed to the subprocess. That is, link my real app with /MD as I am doing. Keep both a wrapper dll and lib built with /MD and a wrapper dll and lib built with /MT. Then link the subprocess using /MT and then link to the sandbox lib.

I suppose what I am really getting at is this - If I have my own separate subprocess, does the main process even have to link with the sandbox lib in order for the supbrocess to be sandboxed?
rdh
Techie
 
Posts: 28
Joined: Wed Jun 10, 2020 3:18 pm

Re: cef_sandbox.lib for Windows.

Postby magreenblatt » Mon Jul 06, 2020 3:12 pm

See cef_sandbox_win.h documentation.
magreenblatt
Site Admin
 
Posts: 10184
Joined: Fri May 29, 2009 6:57 pm

Re: cef_sandbox.lib for Windows.

Postby rdh » Mon Jul 06, 2020 4:17 pm

I took a look at the include file. It's getting worse, not better. It says I have to use the same process, which I thought was not recommended to begin with?

How does one use CEF to host a simple web page in a dialog of an application that is not a browser application itself, and do so in a safe manner? Beginning to look impossible. This restriction means I cannot even find and obtain all the cef source and build all the DLLs with /MD and build the sandbox lib with /MD as there is no way CEF can realistically use my application as the subprocess host.
rdh
Techie
 
Posts: 28
Joined: Wed Jun 10, 2020 3:18 pm

Re: cef_sandbox.lib for Windows.

Postby magreenblatt » Mon Jul 06, 2020 4:42 pm

Unfortunately the sandbox usage limitations are inherent to the implementation in Chromium and not something that can be changed. You might consider hosting the browser dialog in a separate executable launched by and parented to your application.
magreenblatt
Site Admin
 
Posts: 10184
Joined: Fri May 29, 2009 6:57 pm

Re: cef_sandbox.lib for Windows.

Postby magreenblatt » Mon Jul 06, 2020 4:49 pm

If you’re planning to load random web content you will also want to regularly update your application to always have the newest and most secure Chromium version. Hosting the browser in a separate executable might also make that process easier.
magreenblatt
Site Admin
 
Posts: 10184
Joined: Fri May 29, 2009 6:57 pm

Re: cef_sandbox.lib for Windows.

Postby rdh » Tue Jul 07, 2020 8:13 am

I hadn't considered that. In this case the dialog isn't a free standing window, though I think I can still make that work if resizing and other actions don't cause issues. The website is specific to our app and both will communicate with each other making it a three way chain of events. I think first I'll see how much I can restrict the rights of the subprocess.
rdh
Techie
 
Posts: 28
Joined: Wed Jun 10, 2020 3:18 pm

Re: cef_sandbox.lib for Windows.

Postby magreenblatt » Tue Jul 07, 2020 9:05 am

If you control all content that will be loaded in the browser then having sandbox disabled is not necessarily a big security issue.
magreenblatt
Site Admin
 
Posts: 10184
Joined: Fri May 29, 2009 6:57 pm


Return to Support Forum

Who is online

Users browsing this forum: Google [Bot] and 36 guests