Closed Bug 1406068 Opened 7 years ago Closed 7 years ago

Expand the chromium content process dll blocklist to include various av products that have caused stability issues in Firefox

Categories

(Core :: Security: Process Sandboxing, enhancement, P2)

Product:
Core
Component:
Security: Process Sandboxing
Platform:
All
Windows
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla58
Tracking Flags:
Tracking Status
firefox58 --- fixed

People

(Reporter: jimm, Assigned: bobowen)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Whiteboard: sb+)

Attachments

(1 file)

Expand list of DLLs that are suspected of causing crash in ImageBridgeChild::InitForContent
6.13 KB, patch
jimm
: review+
Details | Diff | Splinter Review
We have a blocklist mechanism available to us for child processes that provides an advantage over the current dll entry point blocklist service. The advantage stems from the way in which this mechanism is set up prior to any thread execution in the child process. We currently only block one dll here, WRusr.dll from WebRoot, but we plan to expand this to include a number of 3rd party dlls. This bug tracks work in this area.
Priority: -- → P2
Whiteboard: sb+
Assignee: nobody → bobowencode
Status: NEW → ASSIGNED
Try push with some more DLLs that crop up frequently in the ImageBridgeChild::InitForContent crashes: https://hg.mozilla.org/try/rev/387923a5755a57ad378308af77e12a117ccaa70c
I think that trying to slice this up by feature is just going to lead to complications down the line, so to keep it simple I've moved this to the launch code for all sandboxed children, not just when the Alternate Desktop is enabled. This also, similar to chromium, only adds them to the blocklist if they are loaded in the parent.
Attachment #8916642 - Flags: review?(jmathies)
Don't know if this is the right place for this or if it's already been covered but Comodo has apparently been causing crashes on 32 bit Firefox. https://support.mozilla.org/en-US/kb/firefox-crashes-startup-comodo-win10-update
Comment on attachment 8916642 [details] [diff] [review] Expand list of DLLs that are suspected of causing crash in ImageBridgeChild::InitForContent Review of attachment 8916642 [details] [diff] [review]: ----------------------------------------------------------------- ::: security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp @@ +234,5 @@ > + // Add DLLs that have been found to cause instability with the sandbox to the > + // policy, so that they will be unloaded when they attempt to load. > + sandbox::ResultCode result; > + for (std::wstring dllToUnload : kDllsToUnload) { > + if (::GetModuleHandleW(dllToUnload.c_str())) { nit - comment me, or add a comment explaining why we check this up in the list comment.
Attachment #8916642 - Flags: review?(jmathies) → review+
Pushed by bobowencode@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/dfc9fb9a35b3 Expand the list of DLLs that are suspected of causing a crash in ImageBridgeChild::InitForContent. r=jimm
(In reply to Caspy7 from comment #4) > Don't know if this is the right place for this or if it's already been > covered but Comodo has apparently been causing crashes on 32 bit Firefox. > > https://support.mozilla.org/en-US/kb/firefox-crashes-startup-comodo-win10- > update It looks like they already have a patch for that and, unlike our normal blocklist, this one doesn't currently have the ability to block by version.
https://hg.mozilla.org/mozilla-central/rev/dfc9fb9a35b3
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox58: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
Depends on: 1407766
Depends on: 1403912
Depends on: 1433065
See Also: → 1441801
See Also: → 1408752
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: