feat: Electron Fuses, package time feature toggles #24241

MarshallOfSound · 2020-06-22T19:44:36Z

Problem Statement

Certain features or Electron are undesirable for specific deployments / environments and although they can be disabled / not-utilized at the app level certain security models take account for user-level code execution. E.g. Being able to run electron apps with ELECTRON_RUN_AS_NODE and just get a node binary is not-ideal. We want a way to toggle certain features in a way that both doesn't require app developers to build Electron in-house and ensures that OS level app integrity / code-signing protection (gatekeeper / app-locker) correctly prevent modification of these toggles.

Solution: Electron Fuses

Utilizing a known address / section of the app binary we can create a series of "fuses" (toggles) that can be overwritten after Electron has been built into a .app / .exe. These can be overwritten by writing raw data to the correct address in the binary. In order to locate this known address we use a fixed sentinel string that is guaranteed to directly prefix the fuses.

The format of this string is {sentinel}{fuse_version}{...fuses}.

This allows packaging tools to find the sentinel, and then know that the next byte is the fuse version and each sequential byte is a fuse. The fuse_version should be used to determine what each fuse is and how many there are. A handy tool @electron/fuses will be built to abstract away most of this complexity for developers.

Example use cases

This PR implements one use case (disabling ELECTRON_RUN_AS_NODE), other potential use cases which could be implemented in the future using this system.

Disabling bad flags (--disable-sandbox, --remote-debugging-port, etc.)
Disabling the node debugger
Disable the app, app.asar, default_app.asar load path search and enforce only one of those is ever searched
Enforce certain webPrefs (E.g. all webContents must have sandbox, contextIsolation, etc.)
Other wild stuff that depends on other crazy ideas

Implementation Details

Adding a new fuse is as easy as adding a new key to the fuses.json file, the fuse implementation is automatically generated as part of the build step so if you add a new foo_thing_enabled fuse a new method electron::fuses::IsFooThingEnabled() will automatically exist.

To Do

Documentation
Build @electron/fuses for controlling the fuses at the packaging phase
Tests

Notes: Implemented Electron Fuses for customizing certain Electron features at package time.

build/fuses/build.py

shell/app/electron_library_main.mm

build/fuses/build.py

build/fuses/fuses.json

build/fuses/build.py

build/fuses/fuses.json

nornagon · 2020-09-28T21:31:56Z

build/fuses/build.py

+
+dir_path = os.path.dirname(os.path.realpath(__file__))
+
+SENTINEL = "dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX"


. o O ( instead of using this sentinel, could we export this as a symbol and then parse ELF/PE/mach-o to directly find the location? )

…re control

docs/tutorial/fuses.md

Co-authored-by: Jeremy Rose <jeremya@chromium.org>

shell/app/electron_library_main.mm

Co-authored-by: Jeremy Rose <jeremya@chromium.org>

release-clerk · 2020-10-27T17:49:29Z

Release Notes Persisted

Implemented Electron Fuses for customizing certain Electron features at package time.

phamminhvu · 2021-04-05T14:46:58Z

Hi Team,

We tried to follow the instruction for installing the library "fuses" to our electron project?
We used electron version 12.x.x
But looks like It is not ready to use yet.

Thank you very much for feedback!

Best regards,
Jason

electron-cation bot added the new-pr 🌱 PR opened recently label Jun 22, 2020

MarshallOfSound changed the title ~~feat: Electron Fuses, package time feature toggles~~ [WIP] feat: Electron Fuses, package time feature toggles Jun 22, 2020

nornagon reviewed Jun 22, 2020

View reviewed changes

build/fuses/build.py Outdated Show resolved Hide resolved

shell/app/electron_library_main.mm Outdated Show resolved Hide resolved

build/fuses/build.py Outdated Show resolved Hide resolved

build/fuses/fuses.json Outdated Show resolved Hide resolved

MarshallOfSound force-pushed the fuses branch 2 times, most recently from 602a28c to e7bc95c Compare June 22, 2020 22:10

MarshallOfSound mentioned this pull request Jun 23, 2020

Add a possibility to create a sealed app #24260

Closed

3 tasks

MarshallOfSound force-pushed the fuses branch from e7bc95c to 607b805 Compare June 23, 2020 17:32

electron-cation bot removed the new-pr 🌱 PR opened recently label Jun 23, 2020

MarshallOfSound force-pushed the fuses branch from 607b805 to a72f420 Compare June 24, 2020 16:57

nornagon reviewed Jun 24, 2020

View reviewed changes

build/fuses/build.py Outdated Show resolved Hide resolved

nornagon reviewed Jun 24, 2020

View reviewed changes

build/fuses/fuses.json Outdated Show resolved Hide resolved

zcbenz added the wip ⚒ label Jul 21, 2020

ghost mentioned this pull request Sep 13, 2020

[Feature Request] - Unlock database with Touch ID / Fingerprint keeweb/keeweb#679

Closed

MarshallOfSound mentioned this pull request Sep 28, 2020

Disable Inspection in Production Runtime #25651
Closed

3 tasks

nornagon reviewed Sep 28, 2020

View reviewed changes

MarshallOfSound added 7 commits October 2, 2020 14:03

feat: add new 'fuses' feature for package-time build-flag style featu…

1db385f

…re control

feat: put ENABLE_RUN_AS_NODE behind a fuse as well

858a6b4

chore: address PR feedback

05cf9bb

build: move FUSE_EXPORT to headers

0ab65be

build: use hex codes for kFuseWire char[]

afa4da4

docs: add fuse wire documentation

56c1d30

chore: update fuses.json info

728b4a8

MarshallOfSound changed the title ~~[WIP] feat: Electron Fuses, package time feature toggles~~ feat: Electron Fuses, package time feature toggles Oct 2, 2020

MarshallOfSound force-pushed the fuses branch from d230851 to 728b4a8 Compare October 2, 2020 21:07

nornagon reviewed Oct 2, 2020

View reviewed changes

MarshallOfSound removed the wip ⚒ label Oct 5, 2020

MarshallOfSound and others added 2 commits October 5, 2020 14:12

Apply suggestions from code review

4f871df

Co-authored-by: Jeremy Rose <jeremya@chromium.org>

chore: add link to fuse schema

30a526b

nornagon approved these changes Oct 6, 2020

View reviewed changes

shell/app/electron_library_main.mm Outdated Show resolved Hide resolved

Update shell/app/electron_library_main.mm

5940097

Co-authored-by: Jeremy Rose <jeremya@chromium.org>

MarshallOfSound merged commit dbf2931 into master Oct 27, 2020

MarshallOfSound deleted the fuses branch October 27, 2020 17:49

phamminhvu mentioned this pull request Apr 9, 2021

Electron fuse support for disabling bad flags (--disable-sandbox, --remote-debugging-port, etc.) electron/fuses#2

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat: Electron Fuses, package time feature toggles #24241

feat: Electron Fuses, package time feature toggles #24241

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!


		dir_path = os.path.dirname(os.path.realpath(__file__))

		SENTINEL = "dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX"

feat: Electron Fuses, package time feature toggles #24241

feat: Electron Fuses, package time feature toggles #24241

Uh oh!

Conversation

Uh oh!

Problem Statement

Solution: Electron Fuses

Example use cases

Implementation Details

To Do

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!