Crash in [@ ks3rdhmpg.dll | mozilla::interceptor::FuncHook<T>::operator()]
Categories
(External Software Affecting Firefox :: Other, defect, P1)
Tracking
(firefox133 wontfix, firefox134 fixed, firefox135 fixed)
People
(Reporter: bobowen, Assigned: bobowen)
Details
(Keywords: crash)
Attachments
(2 files: text/x-phabricator-request, 48 bytes each; phab-bot: approval-mozilla-beta+ on the second)
In bug 1929333, we have blocked ks3rdhmpg.dll in all child processes, but that block is not always working and we still see a lot of crashes from a smaller number of clients.
:yannis found from the crashes that it is probably trying to load ole32.dll and it seems likely that the failure is due to the KnownDlls directory being blocked.
One way in which we can allow access to this is by not setting the Everyone/World SID to deny only.
As this will also give access to any other resources that allow the Everyone and Restricted SIDs, we will only do it if ks3rdhmpg.dll is loaded in the parent. If we have similar issues with other DLLs we could extend this to a list.
While this weakens USER_RESTRICTED for people using the Kingsoft software slightly, it is still an improvement over USER_LIMITED and it should allow us to roll out full USER_RESTRICTED for everybody else.
I have found a contact form on a Kingsoft website that appears to be at least related, so I have tried to make them aware of this problem.
Crash report: https://crash-stats.mozilla.org/report/index/690e05de-d2f1-499f-a47a-f44d10241105
Reason:
FACILITY_VISUALCPP / ERROR_MOD_NOT_FOUND
Top 9 frames:
0 KERNELBASE.dll RaiseException
1 ks3rdhmpg.dll ks3rdhmpg.dll@0x88872
2 ks3rdhmpg.dll ks3rdhmpg.dll@0x88690
3 ks3rdhmpg.dll ks3rdhmpg.dll@0x70b58
4 ks3rdhmpg.dll ks3rdhmpg.dll@0x8d197
5 mozglue.dll mozilla::interceptor::FuncHook<mozilla::interceptor::WindowsDllInterceptor<mo... toolkit/xre/dllservices/mozglue/nsWindowsDllInterceptor.h:150
5 mozglue.dll patched_BaseThreadInitThunk(int, void*, void*) toolkit/xre/dllservices/mozglue/WindowsDllBlocklist.cpp:562
6 ntdll.dll __RtlUserThreadStart
7 ntdll.dll _RtlUserThreadStart
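The following is an added illustration, not code from the bug or from Firefox: a simplified model of the two-pass DACL check applied to a restricted token, showing why a deny-only Everyone SID blocks a KnownDlls-style object and what else becomes readable once Everyone is left enabled. The token layout (every group deny-only, Restricted as the only restricting SID), the placeholder user SID, the `child_token` helper and all DACLs are assumptions constructed for the example.

```python
# Added illustration: simplified model of the Windows DACL check for a
# restricted token. Owner rights, privileges and integrity levels are ignored.
from dataclasses import dataclass

# Well-known SIDs; USER is a constructed placeholder account SID.
EVERYONE, RESTRICTED, USERS, USER = "S-1-1-0", "S-1-5-12", "S-1-5-32-545", "S-1-5-21-0-0-0-1001"
READ, WRITE = 0x1, 0x2

@dataclass
class Token:
    enabled: set      # SIDs that match allow and deny ACEs
    deny_only: set    # SIDs that match deny ACEs only
    restricting: set  # restricting SIDs, checked in a second pass

def _pass(dacl, allow_sids, deny_sids, desired):
    granted = 0
    for kind, sid, mask in dacl:  # ACEs are evaluated in order
        if kind == "deny" and sid in deny_sids and (mask & desired & ~granted):
            return False
        if kind == "allow" and sid in allow_sids:
            granted |= mask
        if (granted & desired) == desired:
            return True
    return False

def access_check(token, dacl, desired):
    # Both the normal SIDs and the restricting SIDs must grant the access.
    return (_pass(dacl, token.enabled, token.enabled | token.deny_only, desired)
            and _pass(dacl, token.restricting, token.restricting, desired))

def child_token(parent_modules):
    # Hypothetical helper: Everyone stays enabled only when the DLL named on
    # the page is loaded in the parent; otherwise every group is deny-only.
    weaken = "ks3rdhmpg.dll" in {m.lower() for m in parent_modules}
    enabled = {EVERYONE} if weaken else set()
    return Token(enabled, {USER, USERS, EVERYONE} - enabled, {RESTRICTED})

# Constructed DACLs, not dumped from a real system.
RESOURCES = {
    "knowndlls_like": [("allow", EVERYONE, READ), ("allow", RESTRICTED, READ)],
    "everyone_only":  [("allow", EVERYONE, READ)],
    "users_shared":   [("allow", USERS, READ), ("allow", RESTRICTED, READ)],
    "user_profile":   [("allow", USER, READ | WRITE)],
}

def readable(token):
    return {n for n, dacl in RESOURCES.items() if access_check(token, dacl, READ)}

if __name__ == "__main__":
    print("strict  :", readable(child_token(["xul.dll"])))
    print("weakened:", readable(child_token(["xul.dll", "ks3rdhmpg.dll"])))
```

In this model the weakened token gains only objects whose DACL allows both Everyone and Restricted; objects that allow Everyone alone, Users, or the user account stay unreachable.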
Comment 1 • 3 months ago (Assignee)
Comment 2 • 3 months ago (Assignee)
The crash caused by ks3rdhmpg.dll under USER_RESTRICTED appears to be down to
the KnownDlls directory being blocked. Not setting the Everyone SID to deny only
will allow access. It will also allow access to other resources that allow the
Everyone and Restricted SIDs, but this will still be an improvement over
USER_LIMITED.
Comment 4 • 3 months ago (Assignee)
The crash caused by ks3rdhmpg.dll under USER_RESTRICTED appears to be down to
the KnownDlls directory being blocked. Not setting the Everyone SID to deny only
will allow access. It will also allow access to other resources that allow the
Everyone and Restricted SIDs, but this will still be an improvement over
USER_LIMITED.
Original Revision: https://phabricator.services.mozilla.com/D231549
Comment 5 • 3 months ago
beta Uplift Approval Request
- User impact if declined: We won't be able to roll out the USER_RESTRICTED security improvement in Fx134.
- Code covered by automated testing: no
- Fix verified in Nightly: no
- Needs manual QE test: no
- Steps to reproduce for manual QE testing: N/A
- Risk associated with taking this patch: Low
- Explanation of risk level: Fairly simple patch that adds a new ability to weaken the USER_RESTRICTED token level slightly. This mirrors an existing patch. It is only weakened if a specific DLL is loaded in the parent.
- String changes made/needed: None
- Is Android affected?: no
Comment 6 • 3 months ago (bugherder)