Closed Bug 1514694 Opened 4 years ago Closed 3 years ago

Don't report winsxs / comctl32.dll as untrusted in untrusted modules ping

Categories

(Core :: General, enhancement)

enhancement
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla66
Tracking Status
firefox66 --- fixed

People

(Reporter: ccorcoran, Assigned: ccorcoran)

References

Details

Attachments

(1 file)

According to https://sql.telemetry.mozilla.org/queries/60451/source#156077
a significant number of untrusted module pings are reporting comctl32.dll, with trust flags "4", meaning the only trustworthiness found is that they have Microsoft-looking version info.

The comctl32.dll that's in %SystemRoot%\system32 has a digital signature, so this is not the one being loaded. My local install loads comctl32.dll as:

C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.471_none_fb3e9aab3068fc16\comctl32.dll

This doesn't have a digital signature, so if we want to suppress this, we need to consider a new trustworthiness rule. A couple ideas:

1. Grant the WinSxS directory similar trustworthiness as we already do with system32. Of course being in WinSxS doesn't automatically make a DLL trustworthy, but it carries at least as much confidence as we already give with system32.

2. Grant an exception to comctl32, gdiplus, and msvc* when they're in WinSxS. According to https://docs.microsoft.com/en-us/windows/desktop/SbsCs/supported-microsoft-side-by-side-assemblies, these DLLs are explicitly supported as being SxS. Perhaps we could do a check that the folder name is properly formatted and that they're properly registered as such.
Adds a new flag for evaluating DLL trustworthiness:

ModuleTrustFlags::WinSxSDirectory

This flag indicates that the DLL was loaded from the WinSxS folder. This
grants a trustworthiness equal to that of ModuleTrustFlags::SystemDirectory, in
particular allowing some Microsoft DLLs, like comctl32.dll, to be considered
trusted so they don't appear in the untrusted modules ping.
Pushed by aklotz@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9fdf3a686991
Treat DLLs under WinSxS with same trustworthiness as system32 r=aklotz
https://hg.mozilla.org/mozilla-central/rev/9fdf3a686991
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla66
You need to log in before you can comment on or make changes to this bug.