Closed
Bug 1187031
Opened 10 years ago
Closed 9 years ago
[EME] Investigate moving back to a USER_LOCKDOWN access token level
Categories
(Core :: Security: Process Sandboxing, defect, P2)
Tracking
()
RESOLVED
FIXED
mozilla44
Tracking | Status | |
---|---|---|
firefox44 | --- | fixed |
People
(Reporter: bobowen, Assigned: bobowen)
References
Details
Attachments
(1 file)
The fix for bug 1184333 to ensure that we properly handle Unicode paths, may have fixed the problem that caused us to move from USER_LOCKDOWN back to USER_RESTRICTED.
The first thing would be to re-test against Windows 10.
This is where we first experienced a similar issue, even though the paths didn't obviously contain Unicode.
Assignee | ||
Comment 1•10 years ago
|
||
Did a quick test with my Windows 10 (build 10162).
This still fails with USER_LOCKDOWN even with the Unicode path changes.
Assignee | ||
Comment 2•9 years ago
|
||
The change to remove the side by side assembly manifest from the CDM seems to have fixed this, as expected (see bug 1197007 comment 20).
So we should be able to move back to USER_LOCKDOWN on all versions now.
I'll remove the old work around code for creating the activation context at the same time.
We suspect that that work around failed in some cases and it always failed on Windows 10 anyway.
Assignee: nobody → bobowen.code
Status: NEW → ASSIGNED
Comment 3•9 years ago
|
||
Priority P2 because we would like this for the CDM sandbox but it is not a release blocker.
Priority: -- → P2
Assignee | ||
Comment 4•9 years ago
|
||
Assignee | ||
Comment 5•9 years ago
|
||
Assignee | ||
Comment 6•9 years ago
|
||
Bug 1187031: Move back to using USER_LOCKDOWN for the GMP sandbox policy on Windows. r?aklotz
This also removes turning off optimization for the Load function. That was an
attempt to fix the side-by-side loading. It may also have helped with ensuring
that the memsets were not optimized, but that has been fixed by Bug 1208892.
Attachment #8674947 -
Flags: review?(aklotz)
Assignee | ||
Comment 7•9 years ago
|
||
The widePath was now only being used further down, so I moved the creation of it down to there.
It makes the diff a little more confusing, but I think it's worth it to get rid of a #ifdef.
I've tested the try version from comment 5 on Windows 10 against clearkey.
I've also tested using Nightly and the sandboxbroker.dll from that try build on Netflix, so that would only have the policy change not the code change in GMPLoader.
We can only test that once this is landed because of the voucher.
Comment 8•9 years ago
|
||
Comment on attachment 8674947 [details]
MozReview Request: Bug 1187031: Move back to using USER_LOCKDOWN for the GMP sandbox policy on Windows. r?aklotz
https://reviewboard.mozilla.org/r/22287/#review20187
mmmkay
Attachment #8674947 -
Flags: review?(aklotz) → review+
Assignee | ||
Comment 9•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/8481c9619cc4d4098b7acdd3f77f7d1f8d3174c1
Bug 1187031: Move back to using USER_LOCKDOWN for the GMP sandbox policy on Windows. r=aklotz
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox44:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla44
Updated•9 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•