deny JS-ctypes access to addon (e10s) child processes

Status: NEW
Assignee: Unassigned
Product: Core
Component: XPCOM
Reported: 7 years ago
Last updated: 2 years ago
Reporter: warner
Version: Trunk
Points: ---
Firefox Tracking Flags: tracking-e10s later

Description (Reporter, 7 years ago)
bsmedberg mentioned a while back that they were adding JS-ctypes access to E10S child processes. To help maintain confinement of Jetpack addons (specifically the code that runs outside of the main browser process), we'd like to turn this off. In particular, when the main process launches a new jetpack process, we'd like a flag that lets us disable js-ctypes in the child.

The goal is this: if sandboxing fails in the child process, such that it starts executing hostile javascript without confinement, we'd like to limit the damage that the evil code can do. Without js-ctypes, it is limited to sending messages to the parent process (so the damage is limited to whatever the parent is willing to do in response to those messages). If the child *does* have js-ctypes access, then it has compromised the entire user account.

I'm not sure what Product/Component this should be attached to, but I'll start with jetpack and hope that someone who knows more than me can assign it appropriately.
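The confinement argument above, as an added illustration that is not code from this bug, from Firefox or from the Jetpack SDK: a parent-side message broker in which the child's only reach is a fixed set of handlers, so a compromised child can do no more than the parent agrees to do. The message names, the per-add-on storage scoping and the refusal log are assumptions for the illustration, not real Jetpack APIs.

```javascript
// Added illustration of the parent-side confinement boundary described in
// the bug. The child has no native (ctypes) access; every effect it can
// have passes through dispatch(), so the allowlist below bounds the damage.

// Capabilities the parent is willing to perform on the child's behalf.
// Handler names and the add-on-scoped storage are hypothetical.
function makeBroker(addonId) {
  const store = new Map(); // per-add-on key/value storage, in memory
  const handlers = {
    "storage.set": ({ key, value }) => {
      if (typeof key !== "string" || key.length > 64) throw new Error("bad key");
      store.set(`${addonId}/${key}`, String(value));
      return { ok: true };
    },
    "storage.get": ({ key }) => ({
      ok: true,
      value: store.get(`${addonId}/${key}`) ?? null,
    }),
  };
  const refusals = []; // audit trail: what a misbehaving child asked for
  return {
    refusals,
    dispatch(msg) {
      // hasOwnProperty guards against prototype names like "__proto__".
      const handler = Object.prototype.hasOwnProperty.call(handlers, msg.name)
        ? handlers[msg.name]
        : null;
      if (!handler) {
        refusals.push({ addonId, name: msg.name });
        return { ok: false, error: "unsupported message" };
      }
      try {
        return handler(msg.args ?? {});
      } catch (e) {
        return { ok: false, error: e.message };
      }
    },
  };
}

// Constructed sample exchange: two benign requests, then a request for
// native access that the parent simply does not implement.
function demo() {
  const broker = makeBroker("example@addon");
  const r1 = broker.dispatch({ name: "storage.set", args: { key: "pref", value: 1 } });
  const r2 = broker.dispatch({ name: "storage.get", args: { key: "pref" } });
  const r3 = broker.dispatch({ name: "ctypes.open", args: { library: "anything" } });
  return { r1, r2, r3, refused: broker.refusals.length };
}
```

Because the parent recognises only the handler names it defines, the refusal log is also the detection signal: a child requesting anything outside that set has stopped behaving like the add-on it was launched for.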
Updated (Reporter, 7 years ago)
Component: General → XPCOM
Product: Add-on SDK → Core
QA Contact: general → xpcom
Target Milestone: -- → ---
Version: unspecified → Trunk
Comment 1 (Reporter, 7 years ago)
For reference, bug 588563 is where ctypes were exposed to the jetpack process. Setting product/component to match.
tracking-e10s: --- → +
tracking-e10s: + → later