1381019 - (win32k-lockdown) [meta] Remove win32k access from content process

Status: RESOLVED FIXED

(Core :: Security: Process Sandboxing, enhancement, P2)

Description

[Alex Gaynor [:Alex_Gaynor]]

This is a meta bug for work towards removing win32k usage from the content process, and using the windows8+ mitigation policy to disable access to it.

This work is currently in the research/scoping phase - it is known that we make use of win32k APIs in the content process and we need to establish where and come up with a plan for dealing with all of them.

Comment 1

[Gian-Carlo Pascutto [:gcp]]

Attachment: Bug 1381019 - Enable win32k lockdown by default. r?bobowen,ahal,jgilbert

Depends on D130871

Comment 2

[Bob Owen (:bobowen)]

I'm removing bug 1696387 as a blocker.
We originally thought it would block because it blocks other improvements to the sandbox, however we have not seen any signs of the issue.
Additionally it would normally be seen (according to chromium comments) because the connection to the DWrite cache would be made during start-up with more permissions and then fail to reconnect if the connection was lost for some reason after lowering the sandbox. With win32k lockdown we are enabling from process start, so the issue would present itself immediately.

Comment 3

[Chris Martin [:cmartin]]

Attachment: Bug 1381019 - Enable Win32k Lockdown by default in Nightly

It's time to graduate Win32k lockdown from Nightly Experiments to default on
Nightly.

Comment 4

[Pulsebot]

Pushed by cmartin@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c55b23ccde73
Enable Win32k Lockdown by default in Nightly r=preferences-reviewers,fluent-reviewers,Gijs

Comment 5

[Marian-Vasile Laza]

Backed out changeset c55b23ccde73 (Bug 1381019) for causing mochitest failures on test_bug360437.xhtml.
Backout link
Push with failures
Failure Log

Comment 6

[Pulsebot]

Pushed by cmartin@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c467b50beb6f
Enable Win32k Lockdown by default in Nightly r=preferences-reviewers,fluent-reviewers,Gijs

Comment 7

[Norisz Fay [:noriszfay]]

https://hg.mozilla.org/mozilla-central/rev/c467b50beb6f

Comment 8

[Noemi Erli[:noemi_erli]]

Per Sebastian's request: Backed out changeset c467b50beb6f (Bug 1381019) for beaking content tabs with win32k lockdown enabled a=backout (bug 1719212) at least on Windows 8.1

Comment 9

[Pulsebot]

Backout by nerli@mozilla.com:
https://hg.mozilla.org/mozilla-central/rev/7a69711e1364
Backed out changeset c467b50beb6f for beaking content tabs with win32k lockdown enabled a=backout

Comment 10

[Gian-Carlo Pascutto [:gcp]]

bug 1719212

I'm not sure this one is correlated to third party DLL's, might be dual graphics (from a very brief look at reports).

Comment 11

[Tom S [:evilpie]]

Can you please use bug 1750742 for enabling this in Nightly the next time. This should make it easier to to track.

Comment 12

[Chris Martin [:cmartin]]

Thanks, Tom. Will use bug 1750742 from now on :)

:bobowen and I are investigating the regressions now

Comment 13

[Firefox User]

Should this ticket be closed now?

Comment 14

[Gian-Carlo Pascutto [:gcp]]

There's a few old/out-of-date Windows version where we could likely support this but currently do not. We're still looking at that in bug 1759167.

Comment 15

[Gian-Carlo Pascutto [:gcp]]

We're not going to try to extend this to (very) out of date Windows versions and focus on more valuable security improvements instead. So this bug can be closed now.