Bug 614351 - deny JS-ctypes access to addon (e10s) child processes
Status: NEW
Product: Core
Component: XPCOM
Version: Trunk
Platform: All / All
Importance: -- normal with 1 vote
Assigned To: Nobody; OK to take it and work on it
Reported: 2010-11-23 12:11 PST by Brian Warner [:warner :bwarner]
Modified: 2015-05-06 13:03 PDT

Description Brian Warner [:warner :bwarner] 2010-11-23 12:11:17 PST
bsmedberg mentioned a while back that they were adding JS-ctypes access to E10S child processes. To help maintain confinement of Jetpack addons (specifically the code that runs outside of the main browser process), we'd like to turn this off. In particular, when the main process launches a new jetpack process, we'd like a flag that lets us disable js-ctypes in the child.

The goal is this: if sandboxing fails in the child process, such that it starts executing hostile javascript without confinement, we'd like to limit the damage that the evil code can do. Without js-ctypes, it is limited to sending messages to the parent process (so the damage is limited to whatever the parent is willing to do in response to those messages). If the child *does* have js-ctypes access, then it has compromised the entire user account.

I'm not sure what Product/Component this should be attached to, but I'll start with jetpack and hope that someone who knows more than me can assign it appropriately.
Comment 1 Brian Warner [:warner :bwarner] 2010-11-23 14:28:55 PST
For reference, bug 588563 is where ctypes were exposed to the jetpack process. Setting product/component to match.
