Closed Bug 1481454 Opened 7 years ago Closed 3 years ago

Remove Nightly restriction for blocking threads with LoadLibrary* functions as entry points

Categories

(Core :: DLL Services, enhancement, P4)

Product:
Core
Component:
DLL Services
Platform:
Unspecified
Windows
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
99 Branch
Tracking Flags:
Tracking Status
firefox98 --- fixed
firefox99 --- fixed

People

(Reporter: ccorcoran, Assigned: toshi)

References

Details

Attachments

(2 files)

Bug 1481454 - Enable protection against the CreateRemoteThread+LoadLibrary technique in non-Nightly. r=mhowell
48 bytes, text/x-phabricator-request
pascalc
: approval-mozilla-beta-
Details | Review
Bug 1481454 - Restrict the LoadLibrary injection protection to early beta. r=mhowell
48 bytes, text/x-phabricator-request
pascalc
: approval-mozilla-beta+
Details | Review
It seems time to remove the Nightly restriction for this feature.
See Also: → 1740627
Component: General → DLL Services
Product: Firefox → Core
Blocks: 1752466

Bug 1435816 enabeld this protection in Nightly four years ago. It's time to
expand it to the other release channels.

Bug 1752466 showed WebRoot uses this technique and caused a deadlock in Firefox.
It proved this protection is helpful.

Assignee: nobody → tkikuchi
Status: NEW → ASSIGNED
Pushed by tkikuchi@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/e26783765b37 Enable protection against the CreateRemoteThread+LoadLibrary technique in non-Nightly. r=mhowell

https://hg.mozilla.org/mozilla-central/rev/e26783765b37

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox98: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 98 Branch

Comment on attachment 9262134 [details]
Bug 1481454 - Enable protection against the CreateRemoteThread+LoadLibrary technique in non-Nightly. r=mhowell

Beta/Release Uplift Approval Request

  • User impact if declined: Webroot Secureanywhere may cause deadlock at startup.
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Medium
  • Why is the change risky/not risky? (and alternatives if risky): The change is to remove NIGHTLY_BUILD restriction, so landing this on Nightly had no impact. We have run this nightly-only code for four years (since bug 1435816) and no regression was reported. I set the risk to Medium because this change might impact valid third-party applications that are mainly installed with Beta or Release version. Without uplifting this, however, we cannot evaluate such impact.
  • String changes made/needed: None
Attachment #9262134 - Flags: approval-mozilla-beta?

Comment on attachment 9262134 [details]
Bug 1481454 - Enable protection against the CreateRemoteThread+LoadLibrary technique in non-Nightly. r=mhowell

This landed in 98 nightly which goes into beta tomorrow, so no need to uplift to beta.

Attachment #9262134 - Flags: approval-mozilla-beta? → approval-mozilla-beta-

Toshi, this patch had never been on beta before, I think it would be good to keep it behind the early_beta_or_earlier flag.

Flags: needinfo?(tkikuchi)

Ok, let's reopen this. I'll upload a patch to add EARLY_BETA_OR_EARLIER.

Status: RESOLVED → REOPENED
Flags: needinfo?(tkikuchi)
Resolution: FIXED → ---

This protection may be too risky to be enabled unconditionally.

(In reply to Toshihito Kikuchi [:toshi] from comment #7)

Ok, let's reopen this. I'll upload a patch to add EARLY_BETA_OR_EARLIER.

Thanks, please request an uplift to beta once this has landed.

Flags: needinfo?(tkikuchi)
Pushed by tkikuchi@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/8ca70e015f3b Restrict the LoadLibrary injection protection to early beta. r=mhowell

https://hg.mozilla.org/mozilla-central/rev/8ca70e015f3b

Status: REOPENED → RESOLVED
Closed: 3 years ago3 years ago
status-firefox99: --- → fixed
Resolution: --- → FIXED

Comment on attachment 9263110 [details]
Bug 1481454 - Restrict the LoadLibrary injection protection to early beta. r=mhowell

Beta/Release Uplift Approval Request

  • User impact if declined: The earlier patch, preventing the LoadLibrary injection, may cause compat issues, so it's risky to enable it unconditionally. This patch limits it to early beta and earlier.
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): We used to have the NIGHTLY_BUILD check. This patch replaces it with EARLY_BETA_OR_EARLIER.
  • String changes made/needed: None
Flags: needinfo?(tkikuchi)
Attachment #9263110 - Flags: approval-mozilla-beta?

Comment on attachment 9263110 [details]
Bug 1481454 - Restrict the LoadLibrary injection protection to early beta. r=mhowell

Approved for 98 beta 3, thanks!

Attachment #9263110 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

Do we have a bug on file for letting this ride the trains eventually?

Flags: needinfo?(tkikuchi)
Target Milestone: 98 Branch → 99 Branch
Blocks: 1757487

(In reply to Ryan VanderMeulen [:RyanVM] from comment #15)

Do we have a bug on file for letting this ride the trains eventually?

Filed a new one. Thank you for the reminder!

Flags: needinfo?(tkikuchi)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: