Closed Bug 2001149 Opened 6 months ago Closed 6 months ago

We don't add user font sandbox rules for the profile picker gpu process

Categories

(Core :: Security: Process Sandboxing, defect, P1)

All
Windows
defect

Tracking

RESOLVED FIXED
147 Branch
Tracking Status
firefox-esr115 --- unaffected
firefox-esr140 --- unaffected
firefox145 --- unaffected
firefox146 --- disabled
firefox147 --- fixed

People

(Reporter: bobowen, Assigned: bobowen)

Attachments

(1 file)

Analysis of the get_first_matching_font crashes from bug 1967071 revealed that they all had a GraphicsCriticalError containing "Shader disk cache is not supported".
We add rules to give access to this normally, but not in the profile picker, because GeckoDependentInitialize (where we cache the profile dir) is not called.
Currently, we also use the gecko directory service to cache the user's AppData\Local dir, so we don't add user font rules for the picker process either.

Looking at some of the dumps for these crashes, they all have various Segoe UI font file paths from the Windows user's font dir in their stacks.
(Some with slightly odd names: i.e. with _0 or _1 appended as if they've been copied.)
This is odd because these should be in the system font dir as protected fonts.
It's not easy to override that, because only TrustedInstaller has full access to that dir, these are protected system fonts, and a standard attempt to uninstall using the system font dialog gets blocked. I'm sure it is possible though.

We can easily get the AppData\Local dir from Windows directly like we do for other dirs, so we can always add these rules.

This means we can add user font rules for the profile picker gpu process.
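
The failure mode described in the report above, as an added C++ sketch that is not taken from the Firefox patch: a sandbox file rule derived from a directory that only a late initialisation step caches is silently never added in a process that skips that step, while a direct OS lookup always yields it. All type and function names are hypothetical, and the use of `SHGetKnownFolderPath` is an assumption; the page does not say which Windows call the fix uses.

```cpp
// Added illustration: every name here is hypothetical, not Firefox's code.
#include <functional>
#include <string>
#include <vector>
#ifdef _WIN32
#  include <windows.h>
#  include <shlobj.h>
#endif

struct FileRule {
  std::wstring pattern;  // wildcard path handed to the sandbox policy
  bool readOnly;
};

// Returns the user's AppData\Local dir, or an empty string if unknown.
using DirSource = std::function<std::wstring()>;

// Models a directory cache filled only by a late, app-dependent init step.
// In a process that never runs that step, the cache stays empty.
struct LateInitCache {
  std::wstring localAppData;
  std::wstring Get() const { return localAppData; }
};

#ifdef _WIN32
// Assumed OS lookup: ask the shell for FOLDERID_LocalAppData directly.
std::wstring LocalAppDataFromOS() {
  PWSTR raw = nullptr;
  std::wstring out;
  if (SUCCEEDED(SHGetKnownFolderPath(FOLDERID_LocalAppData, 0, nullptr, &raw))) {
    out = raw;
  }
  CoTaskMemFree(raw);  // required on success and on failure
  return out;
}
#endif

// Builds the read-only rule for per-user fonts. An empty dir produces no
// rule at all, so the sandboxed process is simply denied those files.
std::vector<FileRule> BuildUserFontRules(const DirSource& source) {
  std::vector<FileRule> rules;
  std::wstring dir = source();
  while (!dir.empty() && dir.back() == L'\\') dir.pop_back();
  if (dir.empty()) return rules;
  rules.push_back({dir + L"\\Microsoft\\Windows\\Fonts\\*", true});
  return rules;
}
```

On Windows, passing `LocalAppDataFromOS` as the source removes the dependency on initialisation order; logging when the returned rule list is empty makes a missing rule visible before it shows up as a crash.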

Pushed by bobowencode@gmail.com:
https://github.com/mozilla-firefox/firefox/commit/eefa6b4a5a06
https://hg.mozilla.org/integration/autoland/rev/62c6b48904d4
Get the user's AppData\Local dir directly from windows for sandbox rules. r=handyman
Status: ASSIGNED → RESOLVED
Closed: 6 months ago
Resolution: --- → FIXED
Target Milestone: --- → 147 Branch

The patch landed in nightly and beta is affected.
:bobowen, is this bug important enough to require an uplift?

For more information, please visit BugBot documentation.

Flags: needinfo?(bobowencode)

This is only on early Beta.

Flags: needinfo?(bobowencode)
Blocks: 2001403
Regressions: 2002548
No longer blocks: 1967071
Depends on: 1967071
Blocks: 1967071
No longer depends on: 1967071
No longer regressions: 2002548
QA Whiteboard: [qa-triage-done-c148/b147]