Open Bug 1484019 (fission-ipc) Opened 3 years ago Updated 1 month ago

[meta] Enforce Content Process Restrictions in IPC

Categories

(Core :: IPC, enhancement)

Tracking

(Fission Milestone: Future)

People

(Reporter: tjr, Unassigned)

References

(Depends on 36 open bugs, Blocks 1 open bug)

Details

(Keywords: meta)

In addition to ensuring the Parent (+ Compositor/RDD) processes never _send_ data belonging to origin B to origin A, we should ensure that the content process of Origin B cannot _receive_ data even if it explicitly requests data for origin A.  Such a request would be the result of either a bug or a compromised child process.

The Parent/Compositor/RDD process needs a trusted mapping of Content Processes -> Origins, and then needs to add checks into all relevant IPC/MM methods to confirm that requested data is for an origin the process is authorized for.

Surely there will be a lot of shared code in these checks, so creating a framework for that would be a task for the first of these checks added.
Depends on: 1490461
Keywords: meta
Summary: Enforce Content Process Restrictions in IPC → [meta] Enforce Content Process Restrictions in IPC
Bug 1513003 is a particularly important one given its high value (Saved Logins) and how easy it would be to abuse given a UXSS vulnerability.
Depends on: 1513003
Fission Milestone: --- → Future
Depends on: 1602318
Depends on: 1604058
Depends on: 1696159
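
A minimal model of the parent-side check the description asks for, with saved logins as the protected data. This is an added example, not code from this bug or from Firefox: `OriginRegistry`, `Parent`, `RecvGetSavedLogin` and the sample origins and process IDs are hypothetical, and it assumes the parent learns the sender's identity from the channel the message arrived on rather than from the message itself.

```cpp
// Hypothetical model, not Gecko code: all names here are invented for illustration.
#include <map>
#include <set>
#include <string>

using ProcessId = int;

// Parent-side mapping of content process -> origins it may request data for.
// Only the parent writes to it, so a compromised child cannot edit its own entry.
class OriginRegistry {
 public:
  void Bind(ProcessId pid, const std::string& origin) { allowed_[pid].insert(origin); }
  void Unbind(ProcessId pid) { allowed_.erase(pid); }  // e.g. on process shutdown
  // Fail closed: unknown processes and unbound origins are both rejected.
  bool IsAuthorized(ProcessId pid, const std::string& origin) const {
    auto it = allowed_.find(pid);
    return it != allowed_.end() && it->second.count(origin) > 0;
  }
 private:
  std::map<ProcessId, std::set<std::string>> allowed_;
};

struct Parent {
  OriginRegistry registry;
  std::map<std::string, std::string> savedLogins;  // origin -> constructed sample value
  int rejected = 0;
  // senderPid is assumed to come from the channel the message arrived on, never
  // from the message body; requestedOrigin is child-controlled and untrusted.
  bool RecvGetSavedLogin(ProcessId senderPid, const std::string& requestedOrigin,
                         std::string* out) {
    if (!registry.IsAuthorized(senderPid, requestedOrigin)) {
      ++rejected;  // counted so the caller can log or act on the violation
      return false;
    }
    auto it = savedLogins.find(requestedOrigin);
    if (it == savedLogins.end()) return false;
    *out = it->second;
    return true;
  }
};

// Constructed sample state: process 101 hosts a.example, process 102 hosts b.example.
Parent MakeSampleParent() {
  Parent p;
  p.savedLogins = {{"https://a.example", "alice"}, {"https://b.example", "bob"}};
  p.registry.Bind(101, "https://a.example");
  p.registry.Bind(102, "https://b.example");
  return p;
}
```

The authorization check runs before the data lookup, so a rejected request reveals nothing about whether a record exists for the requested origin.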