Closed
Bug 1121479
Opened 9 years ago
Closed 9 years ago
Turn on DEP, SEHOP, HEAP_TERMINATE, DLL_SEARCH_ORDER process-level mitigations for the GMP sandbox.
Categories
(Core :: Security: Process Sandboxing, defect)
Tracking
()
RESOLVED
FIXED
mozilla38
People
(Reporter: bobowen, Assigned: bobowen)
References
Details
Attachments
(4 files)
1.49 KB,
patch
|
TimAbraldes
:
review+
Sylvestre
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
1.28 KB,
patch
|
TimAbraldes
:
review+
Sylvestre
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
1.26 KB,
patch
|
TimAbraldes
:
review+
Sylvestre
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
1.49 KB,
patch
|
TimAbraldes
:
review+
Sylvestre
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
I'm going to turn these on in separate patches to aid with bisection.
Assignee | ||
Comment 1•9 years ago
|
||
Attachment #8551357 -
Flags: review?(tabraldes)
Assignee | ||
Comment 2•9 years ago
|
||
Attachment #8551358 -
Flags: review?(tabraldes)
Assignee | ||
Comment 3•9 years ago
|
||
Attachment #8551359 -
Flags: review?(tabraldes)
Assignee | ||
Comment 4•9 years ago
|
||
Attachment #8551360 -
Flags: review?(tabraldes)
Assignee | ||
Comment 5•9 years ago
|
||
Chris - these don't appear to cause any problems with the tests or your clearkey plugin. https://treeherder.mozilla.org/#/jobs?repo=try&revision=63bed7b04657
Flags: needinfo?(cpearce)
Comment 6•9 years ago
|
||
TEST_DECODING works fine here with these too. Ship it!
Flags: needinfo?(cpearce)
Updated•9 years ago
|
Attachment #8551357 -
Flags: review?(tabraldes) → review+
Updated•9 years ago
|
Attachment #8551358 -
Flags: review?(tabraldes) → review+
Updated•9 years ago
|
Attachment #8551359 -
Flags: review?(tabraldes) → review+
Updated•9 years ago
|
Attachment #8551360 -
Flags: review?(tabraldes) → review+
Assignee | ||
Comment 7•9 years ago
|
||
remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/52463ef12e63 remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/4ad3ab545a8b remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/bec06786b974 remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/2a91d4a797df
Comment 8•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/52463ef12e63 https://hg.mozilla.org/mozilla-central/rev/4ad3ab545a8b https://hg.mozilla.org/mozilla-central/rev/bec06786b974 https://hg.mozilla.org/mozilla-central/rev/2a91d4a797df
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
Comment 9•9 years ago
|
||
Bob: should all Windows GMP fixes be uplifted to 37? Adobe QA would like to start testing when 37 hits Beta.
Flags: needinfo?(bobowen.code)
Assignee | ||
Comment 10•9 years ago
|
||
Comment on attachment 8551357 [details] [diff] [review] Part 1: Turn on DEP process-level mitigation for the GMP sandbox. (In reply to Chris Peterson [:cpeterson] from comment #9) > Bob: should all Windows GMP fixes be uplifted to 37? Adobe QA would like to > start testing when 37 hits Beta. Makes sense to me. Approval Request Comment [Feature/regressing bug #]: This is an improvement to the GMP process sandbox on Windows, which is already in Live. [User impact if declined]: If a vulnerability is found in a GMP, the extra layers of protection these mitigations provide won't be enabled. [Describe test coverage new/current, TreeHerder]: The mitigations are not tested directly, but there are GMP tests for webrtc and eme in tree, which helps ensure that these sandbox features don't cause a regression. Also, as cpeterson points out, there will be more extensive testing from Adobe, once in Beta. [Risks and why]: Low to medium: the changes themselves are small, but it is possible that they might cause regressions for GMPs, although I think it is unlikely. [String/UUID change made/needed]: None
Flags: needinfo?(bobowen.code)
Attachment #8551357 -
Flags: approval-mozilla-aurora?
Assignee | ||
Comment 11•9 years ago
|
||
Comment on attachment 8551358 [details] [diff] [review] Part 2: Turn on SEHOP process-level mitigation for the GMP sandbox. See comment 10.
Attachment #8551358 -
Flags: approval-mozilla-aurora?
Assignee | ||
Comment 12•9 years ago
|
||
Comment on attachment 8551359 [details] [diff] [review] Part 3: Turn on HEAP_TERMINATE process-level mitigation for the GMP sandbox. See comment 10.
Attachment #8551359 -
Flags: approval-mozilla-aurora?
Assignee | ||
Comment 13•9 years ago
|
||
Comment on attachment 8551360 [details] [diff] [review] Part 4: Turn on DLL_SEARCH_ORDER process-level mitigation for the GMP sandbox. See comment 10.
Attachment #8551360 -
Flags: approval-mozilla-aurora?
Updated•9 years ago
|
status-firefox37:
--- → affected
status-firefox38:
--- → fixed
Updated•9 years ago
|
Attachment #8551357 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Updated•9 years ago
|
Attachment #8551358 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Updated•9 years ago
|
Attachment #8551359 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Updated•9 years ago
|
Attachment #8551360 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 14•9 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/06da1141e817 https://hg.mozilla.org/releases/mozilla-aurora/rev/cf64f625cd03 https://hg.mozilla.org/releases/mozilla-aurora/rev/004776aa9aa5 https://hg.mozilla.org/releases/mozilla-aurora/rev/7b6674e5a437
Assignee: nobody → bobowen.code
You need to log in
before you can comment on or make changes to this bug.
Description
•