Closed
Bug 1177594
Opened 9 years ago
Closed 9 years ago
Use a USER_RESTRICTED token level on GMP process when integrity levels are available.
Categories
(Core :: Security: Process Sandboxing, defect)
Status: RESOLVED FIXED
Target Milestone: mozilla41
People
(Reporter: bobowen, Assigned: bobowen)
Attachments (1 file)
1.61 KB, patch | cpearce: review+ | ritu: approval-mozilla-beta+
There is a possibility that the USER_LOCKDOWN token level could be causing loading problems on platforms other than Win10. When we are already running at untrusted integrity level, dropping back to the USER_RESTRICTED token level then shouldn't affect the effectiveness of the sandbox and might help with certain problems.
Comment 1 (Assignee) • 9 years ago
Sorry this took a while, I realised that I should really also take out the other part of this, when we're not using the lockdown token level but I'm having trouble testing it here. Also, I should probably test it on different versions as well, so I'll pick that up in a follow-up.
Attachment #8626386 - Flags: review?(cpearce)
Comment 2 • 9 years ago
Comment on attachment 8626386
bug1177594.patch
Use a USER_RESTRICTED token level on GMP process when integrity levels are available.
Review of attachment 8626386:
-----------------------------------------------------------------
We should uplift this to 40; it may be hurting people using EME in the wild.
Attachment #8626386 - Flags: review?(cpearce) → review+
Updated (Assignee) • 9 years ago
Assignee: nobody → bobowen.code
Status: NEW → ASSIGNED
Comment 4 (Assignee) • 9 years ago
Comment on attachment 8626386
bug1177594.patch
Use a USER_RESTRICTED token level on GMP process when integrity levels are available.
Approval Request Comment
[Feature/regressing bug #]: USER_LOCKDOWN was originally set for bug 1094370.
[User impact if declined]: If this is the cause of the issues, then the user will not be able to use the Adobe CDM to play media content.
[Describe test coverage new/current, TreeHerder]: EME and openh264 have mochitest coverage.
[Risks and why]: Low: simple patch and this reduces this particular sandbox setting and so shouldn't cause any issues. In addition this was the original setting that GMP shipped with.
[String/UUID change made/needed]: None
Attachment #8626386 - Flags: approval-mozilla-aurora?
Comment 5 • 9 years ago
https://hg.mozilla.org/mozilla-central/rev/5fb9272062b9
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox41: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla41
Comment 6 • 9 years ago
Comment on attachment 8626386
bug1177594.patch
Use a USER_RESTRICTED token level on GMP process when integrity levels are available.
Same request as per comment 4, but for beta 40
Attachment #8626386 - Flags: approval-mozilla-aurora? → approval-mozilla-beta?
Comment 7 • 9 years ago
[Tracking Requested - why for this release]: We need to get this uplifted so that we can rule it out as a cause of crashes in the EME plugin process.
Comment 8 • 9 years ago
Beta try push: https://treeherder.mozilla.org/#/jobs?repo=try&revision=1860489254a1
Adding a tracking flag for FF40 and a qe-verify tracking flag so the fix is verified.
Flags: qe-verify+
Comment on attachment 8626386
bug1177594.patch
Use a USER_RESTRICTED token level on GMP process when integrity levels are available.
Approving for Beta. The try push was clean according to Chris.
Attachment #8626386 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Comment 12 • 9 years ago
Looks like Chris uplifted this. https://hg.mozilla.org/releases/mozilla-beta/rev/c9af6025b8bc
status-firefox42: fixed → ---
Updated • 9 years ago
Flags: needinfo?(cpearce)
Comment 13 • 9 years ago
Is there any proper method to manually verify this? If yes, can you please provide me some steps to do it? Thanks!
Flags: needinfo?(bobowen.code)
Comment 14 (Assignee) • 9 years ago
To verify that the setting has taken effect properly, you could use something like Sysinternals' Process Explorer.
* Navigate to http://people.mozilla.org/~cpearce/mse-clearkey/
* In Process Explorer check the properties (from right-click menu) of the GMP plugin-container.exe process (this will have geckomediaplugin at the end of the command line)
* The security tab should still have the SeChangeNotifyPrivilege enabled
To actually test whether this fixes any CDM loading problems, we'd need to be able to reproduce them, so we'll probably have to rely on monitoring crashes for that.
Flags: needinfo?(bobowen.code)
Comment 15 • 9 years ago
(In reply to Bob Owen (:bobowen) from comment #14)
> To verify that the setting has taken effect properly, you could use
> something like Sysinternals' Process Explorer.
>
> * Navigate to http://people.mozilla.org/~cpearce/mse-clearkey/
> * In Process Explorer check the properties (from right-click menu) of the
> GMP plugin-container.exe process (this will have geckomediaplugin at the end
> of the command line)
> * The security tab should still have the SeChangeNotifyPrivilege enabled
>
> To actually test whether this fixes any CDM loading problems, we'd need to
> be able to reproduce them, so we'll probably have to rely on monitoring
> crashes for that.
I've verified on Windows 7 64bit using Firefox 40 Beta 2 (buildID: 20150706172413) and Aurora 41.0a2 (buildID: 20150707004003) following your steps and everything is as expected: the security tab has the SeChangeNotifyPrivilege enabled.
Removing the "qe-verify+" flag since no more manual testing is needed.
Flags: qe-verify+
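The Process Explorer check described in comment 14 can also be scripted. The following is an added example, not part of the bug or of Mozilla's code: it reads a process's token privileges through the Win32 API (Windows only) and tests whether SeChangeNotifyPrivilege is enabled. The function names and sample blobs are constructed for illustration; 23 is the well-known LUID of that privilege.

```python
import ctypes
import struct

SE_CHANGE_NOTIFY_LUID = 23  # well-known LUID of SeChangeNotifyPrivilege
SE_PRIVILEGE_ENABLED = 0x2
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
TOKEN_QUERY = 0x0008
TOKEN_PRIVILEGES_CLASS = 3  # TOKEN_INFORMATION_CLASS.TokenPrivileges
# Function names and sample blobs are constructed for this example.
SAMPLE_WITH_PRIV = struct.pack("<IIiI", 1, 23, 0, 0x3)  # one enabled privilege
SAMPLE_NO_PRIVS = struct.pack("<I", 0)                  # empty privilege list

def parse_token_privileges(blob):
    """Decode a TOKEN_PRIVILEGES blob into {luid: attributes}."""
    count = struct.unpack_from("<I", blob)[0] if len(blob) >= 4 else None
    if count is None or len(blob) < 4 + 12 * count:
        raise ValueError("truncated TOKEN_PRIVILEGES blob")
    privs = {}
    for i in range(count):  # each LUID_AND_ATTRIBUTES entry is 12 bytes
        low, high, attrs = struct.unpack_from("<IiI", blob, 4 + 12 * i)
        privs[(high << 32) | low] = attrs
    return privs

def change_notify_enabled(blob):
    """True if SeChangeNotifyPrivilege is present and enabled."""
    attrs = parse_token_privileges(blob).get(SE_CHANGE_NOTIFY_LUID, 0)
    return bool(attrs & SE_PRIVILEGE_ENABLED)

def read_token_privileges(pid):
    """Windows only: return the TOKEN_PRIVILEGES blob of process `pid`."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    adv = ctypes.WinDLL("advapi32", use_last_error=True)
    k32.OpenProcess.restype = ctypes.c_void_p
    proc = ctypes.c_void_p(k32.OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, 0, pid))
    if not proc:
        raise ctypes.WinError(ctypes.get_last_error())
    token, size = ctypes.c_void_p(), ctypes.c_ulong()
    try:
        if not adv.OpenProcessToken(proc, TOKEN_QUERY, ctypes.byref(token)):
            raise ctypes.WinError(ctypes.get_last_error())
        adv.GetTokenInformation(token, TOKEN_PRIVILEGES_CLASS, None, 0, ctypes.byref(size))
        buf = ctypes.create_string_buffer(size.value)
        if not adv.GetTokenInformation(token, TOKEN_PRIVILEGES_CLASS, buf, size, ctypes.byref(size)):
            raise ctypes.WinError(ctypes.get_last_error())
        return buf.raw
    finally:
        if token:
            k32.CloseHandle(token)
        k32.CloseHandle(proc)
```

On Windows, `change_notify_enabled(read_token_privileges(pid))` with the PID of the GMP plugin-container.exe process gives the same answer as the Security tab in Process Explorer.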