Open
Bug 1375122
Opened 8 years ago
Updated 2 years ago
Check preferences for WebRTC before processing WebRTC-related IPC messages
Categories
(Core :: WebRTC, enhancement, P3)
Core
WebRTC
Tracking
()
NEW
| Fission Milestone | Future |
People
(Reporter: tjr, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: stale-bug, Whiteboard: [tor][sb-])
We should check that WebRTC is enabled in the user's preferences before processing IPC mechanisms, otherwise this is a vector for information leakage that content (and the sandbox) otherwise shouldn't be able to gain.
|
||
Comment 1•8 years ago
|
||
Makes sense. I think this should be assigned over to the WebRTC team, the sandboxing team isn't responsible for each individual component's IPC stuff.
|
||
Comment 2•8 years ago
|
||
(In reply to Tom Ritter [:tjr] from comment #0)
> We should check that WebRTC is enabled in the user's preferences before
> processing IPC mechanisms, otherwise this is a vector for information
> leakage that content (and the sandbox) otherwise shouldn't be able to gain.
What pref are your referring to?
Flags: needinfo?(tom)
|
||
Updated•8 years ago
|
Whiteboard: [tor] → [tor][sb-]
|
|
||
Updated•8 years ago
|
Component: Security: Process Sandboxing → WebRTC
Whiteboard: [tor][sb-] → [tor][sb+]
|
||
Comment 3•8 years ago
|
||
Michael, my guess is that Tom refers to media.peerconnection.enabled
|
Reporter | |
Comment 4•8 years ago
|
||
(In reply to Nils Ohlmeier [:drno] from comment #3)
> Michael, my guess is that Tom refers to media.peerconnection.enabled
Probably. I actually don't think I'll be able to answer this until I complete Bug 1314443 (and maybe Bug 1338006).
It's easy to say "Tor will turn them all off so just pick one", but what I'm unsure about is if there's a combination of preferences where some might be left on and others turned off. If there are prefs that turn off UDP-based or Peer-to-Peer (STUN?) based mechanisms, but leave on non-P2P (TURN?) and TCP then that seems mostly likely.
Flags: needinfo?(tom)
|
|
||
Comment 5•8 years ago
|
||
(In reply to Tom Ritter [:tjr] from comment #4)
> (In reply to Nils Ohlmeier [:drno] from comment #3)
> > Michael, my guess is that Tom refers to media.peerconnection.enabled
>
> Probably. I actually don't think I'll be able to answer this until I
> complete Bug 1314443 (and maybe Bug 1338006).
>
> It's easy to say "Tor will turn them all off so just pick one", but what I'm
> unsure about is if there's a combination of preferences where some might be
> left on and others turned off. If there are prefs that turn off UDP-based or
> Peer-to-Peer (STUN?) based mechanisms, but leave on non-P2P (TURN?) and TCP
> then that seems mostly likely.
To avoid confusion lets clarify a couple of things here:
- Are we discussing the network related IPC message here only, or should this include camera, mic (device) related API's as well?
I think it would be cleaner to separate network and devices API into separate bugs (if that is not the case here already).
- I'm assuming you are worried about the state where the content process has been taken over by an attack (because my assumption is that is the only way how someone can get direct access to IPC interfaces), right?
- Assuming we are talking about the networking side, then I totally agree that it makes sense to ensure media.peerconnection.enabled is true before processing the IPC messages in https://dxr.mozilla.org/mozilla-central/source/media/mtransport/ipc
For the actual UPD and TCP socket based interfaces I'm not sure if WebRTC is the only client using these IPC interfaces. I could easily see that WebRTC is the only client for the UDP IPC interfaces.
- If we want to discuss more fine grained filtering of IPC message based on other user prefs (which BTW is going to be a lot harder) I think we should do that in a separate bug, because otherwise things will get easily super confusing.
|
||
Updated•8 years ago
|
Rank: 19
Priority: -- → P1
|
|
||
Updated•7 years ago
|
Whiteboard: [tor][sb+] → [tor][sb-]
This is a P1 bug without an assignee.
P1 are bugs which are being worked on for the current release cycle/iteration/sprint.
If the bug is not assigned by Monday, 28 August, the bug's priority will be reset to '--'.
Keywords: stale-bug
|
||
Comment 7•7 years ago
|
||
Mass change P1->P2 to align with new Mozilla triage process
Priority: P1 → P2
|
||
Comment 8•6 years ago
|
||
Moving to p3 because no activity for at least 1 year(s).
See https://github.com/mozilla/bug-handling/blob/master/policy/triage-bugzilla.md#how-do-you-triage for more information
Priority: P2 → P3
|
|
Reporter | |
Updated•6 years ago
|
Blocks: fission-ipc
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•