Closed Bug 1121479 Opened 9 years ago Closed 9 years ago

Turn on DEP, SEHOP, HEAP_TERMINATE, DLL_SEARCH_ORDER process-level mitigations for the GMP sandbox.

Categories

(Core :: Security: Process Sandboxing, defect)

x86_64
Windows 7
defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla38
Tracking Status
firefox37 --- fixed
firefox38 --- fixed

People

(Reporter: bobowen, Assigned: bobowen)

References

Details

Attachments

(4 files)

I'm going to turn these on in separate patches to aid with bisection.
Chris - these don't appear to cause any problems with the tests or your clearkey plugin.

https://treeherder.mozilla.org/#/jobs?repo=try&revision=63bed7b04657
Flags: needinfo?(cpearce)
TEST_DECODING works fine here with these too. Ship it!
Flags: needinfo?(cpearce)
Attachment #8551357 - Flags: review?(tabraldes) → review+
Attachment #8551358 - Flags: review?(tabraldes) → review+
Attachment #8551359 - Flags: review?(tabraldes) → review+
Attachment #8551360 - Flags: review?(tabraldes) → review+
Bob: should all Windows GMP fixes be uplifted to 37? Adobe QA would like to start testing when 37 hits Beta.
Flags: needinfo?(bobowen.code)
Comment on attachment 8551357 [details] [diff] [review]
Part 1: Turn on DEP process-level mitigation for the GMP sandbox.

(In reply to Chris Peterson [:cpeterson] from comment #9)
> Bob: should all Windows GMP fixes be uplifted to 37? Adobe QA would like to
> start testing when 37 hits Beta.

Makes sense to me.

Approval Request Comment
[Feature/regressing bug #]: This is an improvement to the GMP process sandbox on Windows, which is already in Live.

[User impact if declined]: If a vulnerability is found in a GMP, the extra layers of protection these mitigations provide won't be enabled.

[Describe test coverage new/current, TreeHerder]: The mitigations are not tested directly, but there are GMP tests for webrtc and eme in tree, which helps ensure that these sandbox features don't cause a regression.
Also, as cpeterson points out, there will be more extensive testing from Adobe, once in Beta.

[Risks and why]: Low to medium: the changes themselves are small, but it is possible that they might cause regressions for GMPs, although I think it is unlikely.

[String/UUID change made/needed]: None
Flags: needinfo?(bobowen.code)
Attachment #8551357 - Flags: approval-mozilla-aurora?
Comment on attachment 8551358 [details] [diff] [review]
Part 2: Turn on SEHOP process-level mitigation for the GMP sandbox.

See comment 10.
Attachment #8551358 - Flags: approval-mozilla-aurora?
Comment on attachment 8551359 [details] [diff] [review]
Part 3: Turn on HEAP_TERMINATE process-level mitigation for the GMP sandbox.

See comment 10.
Attachment #8551359 - Flags: approval-mozilla-aurora?
Comment on attachment 8551360 [details] [diff] [review]
Part 4: Turn on DLL_SEARCH_ORDER process-level mitigation for the GMP sandbox.

See comment 10.
Attachment #8551360 - Flags: approval-mozilla-aurora?
Attachment #8551357 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Attachment #8551358 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Attachment #8551359 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Attachment #8551360 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: