Closed Bug 1705278 Opened 4 years ago Closed 4 years ago

No need to parse the import table in UntrustedModulesProcessor anymore

Categories

(Firefox :: Launcher Process, enhancement)

Unspecified
Windows
enhancement

Tracking

RESOLVED FIXED
89 Branch
Tracking Status
firefox89 --- fixed

People

(Reporter: toshi, Assigned: toshi)

Attachments

(1 file)

Bug 1620118 added a new field isDependent in the third-party-module ping, which is determined when processing module load events. It is not accurate because some third-party applications that tamper with the import table revert it to the original state immediately after their module was loaded (bug 1684532).

Bug 1684532 added logic to determine whether a module is dependent or not in NtMapViewOfSection. We can use it as the field isDependent.

Bug 1620118 added a new field isDependent in the third-party-module ping
which is calculated in UntrustedModulesProcessor. However, bug 1684532
revealed it was not accurate because some third-party applications revert
the import table to the original state immediately after their module was
loaded.

Now that we have logic to determine isDependent in NtMapViewOfSection
to automatically block a module injected through the import table, we can
pass that value to the ping and remove the original logic in UntrustedModulesProcessor.

Pushed by tkikuchi@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/07e6b27e4b30 Remove DependentModules from UntrustedModulesProcessor.cpp. r=aklotz
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 89 Branch