Closed
Bug 1121479
Opened 11 years ago
Closed 11 years ago
Turn on DEP, SEHOP, HEAP_TERMINATE, DLL_SEARCH_ORDER process-level mitigations for the GMP sandbox.
Categories
(Core :: Security: Process Sandboxing, defect)
Tracking
()
RESOLVED
FIXED
mozilla38
People
(Reporter: bobowen, Assigned: bobowen)
References
Details
Attachments
(4 files)
|
1.49 KB,
patch
|
TimAbraldes
:
review+
Sylvestre
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
|
1.28 KB,
patch
|
TimAbraldes
:
review+
Sylvestre
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
|
1.26 KB,
patch
|
TimAbraldes
:
review+
Sylvestre
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
|
1.49 KB,
patch
|
TimAbraldes
:
review+
Sylvestre
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
I'm going to turn these on in separate patches to aid with bisection.
|
Assignee | |
Comment 1•11 years ago
|
||
Attachment #8551357 -
Flags: review?(tabraldes)
|
|
Assignee | |
Comment 2•11 years ago
|
||
Attachment #8551358 -
Flags: review?(tabraldes)
|
|
Assignee | |
Comment 3•11 years ago
|
||
Attachment #8551359 -
Flags: review?(tabraldes)
|
|
Assignee | |
Comment 4•11 years ago
|
||
Attachment #8551360 -
Flags: review?(tabraldes)
|
|
Assignee | |
Comment 5•11 years ago
|
||
Chris - these don't appear to cause any problems with the tests or your clearkey plugin.
https://treeherder.mozilla.org/#/jobs?repo=try&revision=63bed7b04657
Flags: needinfo?(cpearce)
|
||
Comment 6•11 years ago
|
||
TEST_DECODING works fine here with these too. Ship it!
Flags: needinfo?(cpearce)
|
||
Updated•11 years ago
|
Attachment #8551357 -
Flags: review?(tabraldes) → review+
|
|
||
Updated•11 years ago
|
Attachment #8551358 -
Flags: review?(tabraldes) → review+
|
|
||
Updated•11 years ago
|
Attachment #8551359 -
Flags: review?(tabraldes) → review+
|
|
||
Updated•11 years ago
|
Attachment #8551360 -
Flags: review?(tabraldes) → review+
|
|
Assignee | |
Comment 7•11 years ago
|
||
remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/52463ef12e63
remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/4ad3ab545a8b
remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/bec06786b974
remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/2a91d4a797df
|
||
Comment 8•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/52463ef12e63
https://hg.mozilla.org/mozilla-central/rev/4ad3ab545a8b
https://hg.mozilla.org/mozilla-central/rev/bec06786b974
https://hg.mozilla.org/mozilla-central/rev/2a91d4a797df
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
|
||
Comment 9•11 years ago
|
||
Bob: should all Windows GMP fixes be uplifted to 37? Adobe QA would like to start testing when 37 hits Beta.
Flags: needinfo?(bobowen.code)
|
|
Assignee | |
Comment 10•11 years ago
|
||
Comment on attachment 8551357 [details] [diff] [review]
Part 1: Turn on DEP process-level mitigation for the GMP sandbox.
(In reply to Chris Peterson [:cpeterson] from comment #9)
> Bob: should all Windows GMP fixes be uplifted to 37? Adobe QA would like to
> start testing when 37 hits Beta.
Makes sense to me.
Approval Request Comment
[Feature/regressing bug #]: This is an improvement to the GMP process sandbox on Windows, which is already in Live.
[User impact if declined]: If a vulnerability is found in a GMP, the extra layers of protection these mitigations provide won't be enabled.
[Describe test coverage new/current, TreeHerder]: The mitigations are not tested directly, but there are GMP tests for webrtc and eme in tree, which helps ensure that these sandbox features don't cause a regression.
Also, as cpeterson points out, there will be more extensive testing from Adobe, once in Beta.
[Risks and why]: Low to medium: the changes themselves are small, but it is possible that they might cause regressions for GMPs, although I think it is unlikely.
[String/UUID change made/needed]: None
Flags: needinfo?(bobowen.code)
Attachment #8551357 -
Flags: approval-mozilla-aurora?
|
|
Assignee | |
Comment 11•11 years ago
|
||
Comment on attachment 8551358 [details] [diff] [review]
Part 2: Turn on SEHOP process-level mitigation for the GMP sandbox.
See comment 10.
Attachment #8551358 -
Flags: approval-mozilla-aurora?
|
|
Assignee | |
Comment 12•11 years ago
|
||
Comment on attachment 8551359 [details] [diff] [review]
Part 3: Turn on HEAP_TERMINATE process-level mitigation for the GMP sandbox.
See comment 10.
Attachment #8551359 -
Flags: approval-mozilla-aurora?
|
|
Assignee | |
Comment 13•11 years ago
|
||
Comment on attachment 8551360 [details] [diff] [review]
Part 4: Turn on DLL_SEARCH_ORDER process-level mitigation for the GMP sandbox.
See comment 10.
Attachment #8551360 -
Flags: approval-mozilla-aurora?
|
||
Updated•11 years ago
|
status-firefox37:
--- → affected
status-firefox38:
--- → fixed
|
|
||
Updated•11 years ago
|
Attachment #8551357 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
|
||
Updated•11 years ago
|
Attachment #8551358 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
|
||
Updated•11 years ago
|
Attachment #8551359 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
|
||
Updated•11 years ago
|
Attachment #8551360 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
||
Comment 14•11 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/06da1141e817
https://hg.mozilla.org/releases/mozilla-aurora/rev/cf64f625cd03
https://hg.mozilla.org/releases/mozilla-aurora/rev/004776aa9aa5
https://hg.mozilla.org/releases/mozilla-aurora/rev/7b6674e5a437
Assignee: nobody → bobowen.code
You need to log in
before you can comment on or make changes to this bug.
Description
•