1620114 - Enable CIG (= Code Integrity Guard) in RDD process before process creation

Status: RESOLVED FIXED

(Firefox :: Launcher Process, enhancement, P3)

Description

[Toshihito Kikuchi [:toshi]]

Currently we enable CIG in RDD (and Socket) process after process creation. This bug is to track a project to enable CIG before process creation.

Comment 1

[Toshihito Kikuchi [:toshi]]

Attachment: Bug 1620114 - Enable pre-spawn CIG in RDD. r=bobowen

On top of Automatic CIG bypassing and Automatic entrypoint redirection (Bug 1659438),
we can enable CIG in the RDD process without breaking process launch.
This patch also excludes modules in the directory containing the executable
from CIG as the process needs to load our modules such as mozglue.dll.

Depends on D88359

Comment 2

[Toshihito Kikuchi [:toshi]]

Attachment: Bug 1620114 - Enable pre-spawn CIG in RDD. r=bobowen

This patch enables pre-spawn CIG in the RDD process.

If CIG prevents a module in the executable's Import Directory Table, Windows totally
fails to launch a process. So we add a policy rule of SUBSYS_SIGNED_BINARY for
all files under the directory containing the executable such as mozglue.dll, and
modules injected via Import Directory Table. The latter ones will be blocked by our
blocklist with REDIRECT_TO_NOOP_ENTRYPOINT.

Comment 3

[Pulsebot]

Pushed by cbrindusan@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9df12e4b7a00
Enable pre-spawn CIG in RDD.  r=bobowen

Comment 4

[Atila Butkovits]

https://hg.mozilla.org/mozilla-central/rev/9df12e4b7a00

Comment 5

[Ryan VanderMeulen [:RyanVM]]

This was backed out from Beta85 in bug 1682834. It remains enabled for 86+ at this time.
https://hg.mozilla.org/releases/mozilla-beta/rev/7de611ce368d