Closed Bug 1406068 Opened 3 years ago Closed 3 years ago

Expand the chromium content process dll blocklist to include various av products that have caused stability issues in Firefox

Categories

(Core :: Security: Process Sandboxing, enhancement, P2)

All
Windows
enhancement

Tracking

()

RESOLVED FIXED
mozilla58
Tracking Status
firefox58 --- fixed

People

(Reporter: jimm, Assigned: bobowen)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Whiteboard: sb+)

Attachments

(1 file)

We have a blocklist mechanism available to us for child processes that provides an advantage over the current dll entry point blocklist service. The advantage stems from the way in which this mechanism is set up prior to any thread execution in the child process.

We currently only block one dll here, WRusr.dll from WebRoot, but we plan to expand this to include a number of 3rd party dlls. 

This bug tracks work in this area.
Priority: -- → P2
Whiteboard: sb+
Assignee: nobody → bobowencode
Status: NEW → ASSIGNED
Try push with some more DLLs that crop up frequently in the ImageBridgeChild::InitForContent crashes:
https://hg.mozilla.org/try/rev/387923a5755a57ad378308af77e12a117ccaa70c
I think that trying to slice this up by feature is just going to lead to complications down the line,
so to keep it simple I've moved this to the launch code for all sandboxed children, not just when the
Alternate Desktop is enabled.
This also, similar to chromium, only adds them to the blocklist if they are loaded in the parent.
Attachment #8916642 - Flags: review?(jmathies)
Don't know if this is the right place for this or if it's already been covered but Comodo has apparently been causing crashes on 32 bit Firefox.

https://support.mozilla.org/en-US/kb/firefox-crashes-startup-comodo-win10-update
Comment on attachment 8916642 [details] [diff] [review]
Expand list of DLLs that are suspected of causing crash in ImageBridgeChild::InitForContent

Review of attachment 8916642 [details] [diff] [review]:
-----------------------------------------------------------------

::: security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ +234,5 @@
> +  // Add DLLs that have been found to cause instability with the sandbox to the
> +  // policy, so that they will be unloaded when they attempt to load.
> +  sandbox::ResultCode result;
> +  for (std::wstring dllToUnload : kDllsToUnload) {
> +    if (::GetModuleHandleW(dllToUnload.c_str())) {

nit - comment me, or add a comment explaining why we check this up in the list comment.
Attachment #8916642 - Flags: review?(jmathies) → review+
Pushed by bobowencode@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/dfc9fb9a35b3
Expand the list of DLLs that are suspected of causing a crash in ImageBridgeChild::InitForContent. r=jimm
(In reply to Caspy7 from comment #4)
> Don't know if this is the right place for this or if it's already been
> covered but Comodo has apparently been causing crashes on 32 bit Firefox.
> 
> https://support.mozilla.org/en-US/kb/firefox-crashes-startup-comodo-win10-
> update

It looks like they already have a patch for that and, unlike our normal blocklist, this one doesn't currently have the ability to block by version.
https://hg.mozilla.org/mozilla-central/rev/dfc9fb9a35b3
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
Depends on: 1407766
Depends on: 1403912
Depends on: 1433065
Blocks: 1435794
No longer blocks: injecteject
See Also: → 1441801
See Also: → 1408752
You need to log in before you can comment on or make changes to this bug.