Closed
Bug 1190760
Opened 9 years ago
Closed 8 years ago
Discuss security implications of using Enhanced Metafiles to store prints between the content and parent process.
Categories
(Core :: Security: Process Sandboxing, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: bobowen, Unassigned)
References
Details
I'm currently planning on using EMFs [1] in shared memory to transport data for printing from the content to the parent process on windows. It looks like we can write directly to EMF instead of the printer device context in the content process. Processing the EMF back to a printer device context in the parent also seems relatively straightforward. There are some concerns that this will open up the parent to vulnerabilities in EMF for example things like [2]. For information, my understanding is that Chrome uses in memory PDF files (on all platforms) to transport the print data to the parent process. On windows this is then converted to EMF before being sent to the printer. Again I understand that we have some support for PDF on windows, but only for an earlier version (1.5). Which I think might cause some print quality issues. [1] https://msdn.microsoft.com/en-us/library/dd162600%28v=vs.85%29.aspx [2] http://tools.cisco.com/security/center/viewAlert.x?alertId=38258
Reporter | ||
Comment 1•9 years ago
|
||
Not sure who is the best person to ask about this. Do you think that PDF is inherently more secure than EMF? What do you think we could reasonably do to mitigate any potential problems? Would it be possible to check/scan EMFs for problems in the parent process? What about sending some sort of token from the parent process when a print is requested, so the return call would only be allowed when a print has been requested? (Note: I have no idea how easy that last suggestion would be to implement or whether we could cover all bases.) Is there anyone else that would be a good person to ask about this?
Flags: needinfo?(dveditz)
Flags: needinfo?(abillings)
Reporter | ||
Comment 2•9 years ago
|
||
Also found: https://msdn.microsoft.com/en-us/library/cc230514.aspx Which has a "Security Considerations" section, but it's very brief.
Reporter | ||
Comment 3•9 years ago
|
||
(In reply to Bob Owen (:bobowen) from comment #2) > Also found: https://msdn.microsoft.com/en-us/library/cc230514.aspx > > Which has a "Security Considerations" section, but it's very brief. I assume that section is referring to: https://msdn.microsoft.com/en-us/library/cc230578.aspx
Comment 4•9 years ago
|
||
(In reply to Bob Owen (:bobowen) from comment #1) > Not sure who is the best person to ask about this. Not me! I'll defer to Dveditz here.
Flags: needinfo?(abillings)
Reporter | ||
Comment 5•8 years ago
|
||
We didn't go down the EMF file route in the end.
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(dveditz)
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•