Open Bug 1484019 (fission-ipc) Opened 6 years ago Updated 7 months ago

[meta] Enforce Content Process Restrictions in IPC


(Core :: IPC, enhancement)




Fission Milestone Future


(Reporter: tjr, Unassigned)


(Depends on 37 open bugs, Blocks 1 open bug)


(Keywords: meta)

In addition to ensuring the Parent (+ Compositor/RDD) processes never _send_ data belonging to origin B to origin A, we should ensure that the content process of Origin B cannot _receive_ data even if it explicitly requests data for origin A.  Such a request would be the result of either a bug or a compromised child process.

The Parent/Compositor/RDD process needs a trusted mapping of Content Processes -> Origins, and then needs to add checks into all relevant IPC/MM methods to confirm that requested data is for an origin the process is authorized for.

Surely there will be a lot of shared code in these checks, so creating a framework for that would be a task for the first of these checks added.
Depends on: 1490461
Keywords: meta
Summary: Enforce Content Process Restrictions in IPC → [meta] Enforce Content Process Restrictions in IPC
Blocks: fission-site-sandbox
No longer blocks: fission
Bug 1513003 is a particurally important one given its high value (Saved Logins) and how easy it would be to abuse given a UXSS vulnerability.
Depends on: 1513003
No longer depends on: 1472158
Fission Milestone: --- → Future
Depends on: 1602318
Depends on: 1604058
Depends on: 1696159
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.