Closed Bug 1096125 Opened 8 years ago Closed 8 years ago

[EME] Whitelist BCrypt.dll and Crypt32.dll


(Core :: Audio/Video, defect)

Not set



Tracking Status
firefox37 --- fixed
firefox38 --- fixed
firefox39 --- fixed


(Reporter: cpearce, Assigned: cpearce)


(Blocks 1 open bug)



(1 file)

Adobe's guys would like BCrypt.dll and Crypt32.dll added to the sandbox's DLL whitelist. They want to use these functions to do the Output Protection Manager handshake. There doesn't seem to be anything worrisome exported by these DLLs, so I think we should just do it.
Attached patch PatchSplinter Review
Add DLLs to whitelist.
Assignee: nobody → cpearce
Attachment #8519637 - Flags: review?(bobowencode)
Attachment #8519637 - Flags: review?(bobowencode) → review+
Chris (Pearce), only just read your other email, I'll get this landed.

My only concern is whether any of the functions could be used for fingerprinting.
I'm not really the right person to look at that sort of thing, so I think it is important that we get someone who knows more about it to look through the DLLs that will be loaded.

Chris (Peterson) - I think this sort of thing is one of the important things to be looked at in a security review.
They would need to look through all the DLLs in the white-list as well as those that are already loaded anyway. If any of the latter of these cause problems we may be able to unload them.

It may well be that the sandbox will stop any troublesome functions from working, but we need to be able to test this.
Flags: needinfo?(cpeterson)
Just heard from Adobe, they figured out how to work around this. We don't need to whitelist these extra DLLs, so I think we should refrain from doing so unless we find a new reason in future. I will backout this changeset once the tree reopens.

Sorry for the churn.
Backed out the behaviour change:

I left the comment corrections on the WMF audio DLLs from the original patch.
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
Flags: needinfo?(cpeterson)
Mass update firefox-status to track EME uplift.
You need to log in before you can comment on or make changes to this bug.