Turn on DEP, SEHOP, HEAP_TERMINATE, DLL_SEARCH_ORDER process-level mitigations for the GMP sandbox.

RESOLVED FIXED in Firefox 37

Status

Core
Security: Process Sandboxing
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: bobowen, Assigned: bobowen)

Tracking

unspecified
mozilla38
x86_64
Windows 7
Firefox Tracking Flags

(firefox37 fixed, firefox38 fixed)

Details

Attachments

(4 attachments)

(Assignee)

Description

3 years ago
I'm going to turn these on in separate patches to aid with bisection.
(Assignee)

Comment 1

3 years ago
Created attachment 8551357 [details] [diff] [review]
Part 1: Turn on DEP process-level mitigation for the GMP sandbox.
Attachment #8551357 - Flags: review?(tabraldes)
(Assignee)

Comment 2

3 years ago
Created attachment 8551358 [details] [diff] [review]
Part 2: Turn on SEHOP process-level mitigation for the GMP sandbox.
Attachment #8551358 - Flags: review?(tabraldes)
(Assignee)

Comment 3

3 years ago
Created attachment 8551359 [details] [diff] [review]
Part 3: Turn on HEAP_TERMINATE process-level mitigation for the GMP sandbox.
Attachment #8551359 - Flags: review?(tabraldes)
(Assignee)

Comment 4

3 years ago
Created attachment 8551360 [details] [diff] [review]
Part 4: Turn on DLL_SEARCH_ORDER process-level mitigation for the GMP sandbox.
Attachment #8551360 - Flags: review?(tabraldes)
(Assignee)

Comment 5

3 years ago
Chris - these don't appear to cause any problems with the tests or your clearkey plugin.

https://treeherder.mozilla.org/#/jobs?repo=try&revision=63bed7b04657
Flags: needinfo?(cpearce)

TEST_DECODING works fine here with these too. Ship it!
Flags: needinfo?(cpearce)

Attachment #8551357 - Flags: review?(tabraldes) → review+
Attachment #8551358 - Flags: review?(tabraldes) → review+
Attachment #8551359 - Flags: review?(tabraldes) → review+
Attachment #8551360 - Flags: review?(tabraldes) → review+

Bob: should all Windows GMP fixes be uplifted to 37? Adobe QA would like to start testing when 37 hits Beta.
Flags: needinfo?(bobowen.code)
(Assignee)

Comment 10

3 years ago
Comment on attachment 8551357 [details] [diff] [review]
Part 1: Turn on DEP process-level mitigation for the GMP sandbox.

(In reply to Chris Peterson [:cpeterson] from comment #9)
> Bob: should all Windows GMP fixes be uplifted to 37? Adobe QA would like to
> start testing when 37 hits Beta.

Makes sense to me.

Approval Request Comment
[Feature/regressing bug #]: This is an improvement to the GMP process sandbox on Windows, which is already in Live.

[User impact if declined]: If a vulnerability is found in a GMP, the extra layers of protection these mitigations provide won't be enabled.

[Describe test coverage new/current, TreeHerder]: The mitigations are not tested directly, but there are GMP tests for WebRTC and EME in tree, which help ensure that these sandbox features don't cause a regression.
Also, as cpeterson points out, there will be more extensive testing from Adobe once in Beta.

[Risks and why]: Low to medium: the changes themselves are small, but it is possible that they might cause regressions for GMPs, although I think it is unlikely.

[String/UUID change made/needed]: None
Flags: needinfo?(bobowen.code)
Attachment #8551357 - Flags: approval-mozilla-aurora?
(Assignee)

Comment 11

3 years ago
Comment on attachment 8551358 [details] [diff] [review]
Part 2: Turn on SEHOP process-level mitigation for the GMP sandbox.

See comment 10.
Attachment #8551358 - Flags: approval-mozilla-aurora?
(Assignee)

Comment 12

3 years ago
Comment on attachment 8551359 [details] [diff] [review]
Part 3: Turn on HEAP_TERMINATE process-level mitigation for the GMP sandbox.

See comment 10.
Attachment #8551359 - Flags: approval-mozilla-aurora?
(Assignee)

Comment 13

3 years ago
Comment on attachment 8551360 [details] [diff] [review]
Part 4: Turn on DLL_SEARCH_ORDER process-level mitigation for the GMP sandbox.

See comment 10.
Attachment #8551360 - Flags: approval-mozilla-aurora?
status-firefox37: --- → affected
status-firefox38: --- → fixed
Attachment #8551357 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Attachment #8551358 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Attachment #8551359 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Attachment #8551360 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+