Closed Bug 1096125 Opened 10 years ago Closed 10 years ago

[EME] Whitelist BCrypt.dll and Crypt32.dll

Categories

(Core :: Audio/Video, defect)

Product:
Core
Component:
Audio/Video
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla36
Tracking Flags:
Tracking Status
firefox37 --- fixed
firefox38 --- fixed
firefox39 --- fixed

People

(Reporter: cpearce, Assigned: cpearce)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Patch
1.36 KB, patch
bobowen
: review+
Details | Diff | Splinter Review
Adobe's guys would like BCrypt.dll and Crypt32.dll added to the sandbox's DLL whitelist. They want to use these functions to do the Output Protection Manager handshake. There doesn't seem to be anything worrisome exported by these DLLs, so I think we should just do it.
Attached patch PatchSplinter Review
Add DLLs to whitelist.
Assignee: nobody → cpearce
Status: NEW → ASSIGNED
Attachment #8519637 - Flags: review?(bobowencode)
Attachment #8519637 - Flags: review?(bobowencode) → review+
Chris (Pearce), only just read your other email, I'll get this landed. My only concern is whether any of the functions could be used for fingerprinting. I'm not really the right person to look at that sort of thing, so I think it is important that we get someone who knows more about it to look through the DLLs that will be loaded. Chris (Peterson) - I think this sort of thing is one of the important things to be looked at in a security review. They would need to look through all the DLLs in the white-list as well as those that are already loaded anyway. If any of the latter of these cause problems we may be able to unload them. It may well be that the sandbox will stop any troublesome functions from working, but we need to be able to test this.
Flags: needinfo?(cpeterson)
Just heard from Adobe, they figured out how to work around this. We don't need to whitelist these extra DLLs, so I think we should refrain from doing so unless we find a new reason in future. I will backout this changeset once the tree reopens. Sorry for the churn.
Backed out the behaviour change: https://hg.mozilla.org/integration/mozilla-inbound/rev/4814f960dca2 I left the comment corrections on the WMF audio DLLs from the original patch.
https://hg.mozilla.org/mozilla-central/rev/c129289d32d6
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
Flags: needinfo?(cpeterson)
Mass update firefox-status to track EME uplift.
status-firefox37: --- → fixed
status-firefox38: --- → fixed
status-firefox39: --- → fixed
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: