Bug 776652
Opened 12 years ago
Closed 11 years ago
Tracking: Apply appropriate security checks for sensitive IPDL protocols
Categories
(Core :: General, defect)
RESOLVED
FIXED
People
(Reporter: cjones, Unassigned)
Attachments
(2 files)
Some protocols, like the ones used for gfx, don't need security checks (to a first approximation). But the ones used for, e.g. telephony and SMS, do. We need to do a second pass over our protocol code and apply capability checks where required. We can go in order of most-sensitive to least-sensitive. This is the debt we've been building up while we didn't have the permission model implemented. The fact that some cross-process impls are in JS complicates this somewhat.
Comment 1 (Reporter) • 12 years ago
We should implement one or two of these fully "manually" to get a feel for what this code should look like. After that, we should consider tagging IPDL protocols/messages themselves with the required permission bits, and then auto-generating the boilerplate needed to delegate those security checks.
Comment 2 (Reporter) • 12 years ago
This isn't a complete set, but let's start here.
Updated (Reporter) • 12 years ago
Comment 3 • 12 years ago
So how does one know whether a certain process has been granted permission for foo?
Comment 4 (Reporter) • 12 years ago
See bug 776649. We'll reuse that mechanism for mm too.
Comment 5 • 12 years ago
I went through the ipdl files I found and tried to figure out what all needs some kind of permission check or perhaps parameter validation. Next: messageManager communication
Comment 6 • 12 years ago
Comment 7 • 12 years ago
Hmm, I missed BrowserElementParent.js and it is actually a tricky one. In a way all the messages from the child process would need some kind of permissions check, but in practice... maybe not. So, I assume the developers of the relevant features add the needed permission checks. (Hopefully it is possible to do permission checks both in JS and C++.)
Updated (Reporter) • 11 years ago
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
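The approach proposed in Comment 1 (tag each message with the permission it requires, then generate the check that runs before the handler), shown as an added example that is not Gecko's IPDL code and not code from this bug. All names (`Permission`, `Msg`, `kRequired`, `ChildProcess`, `Dispatch`) are hypothetical, and cutting off a child after a failed check is an assumed policy.

```cpp
#include <cstdint>
#include <map>

// Hypothetical permission bits that a protocol message can be tagged with.
enum Permission : uint32_t { kNone = 0, kTelephony = 1u << 0, kSms = 1u << 1 };

// Hypothetical message types. ContactsRead is deliberately left untagged.
enum class Msg { GfxPaint, TelephonyDial, SmsSend, ContactsRead };

// The table a generator would emit from tagged protocol definitions.
static const std::map<Msg, uint32_t> kRequired = {
    {Msg::GfxPaint, kNone},            // gfx: no capability needed
    {Msg::TelephonyDial, kTelephony},
    {Msg::SmsSend, kSms},
};

// Parent-side record for one child process. `granted` is decided by the
// parent when it starts the child; it is never read from a message.
struct ChildProcess {
  explicit ChildProcess(uint32_t g) : granted(g), cutOff(false) {}
  uint32_t granted;
  bool cutOff;
};

enum class Result { Dispatched, Rejected };

// Runs in the parent before any message handler sees the message.
Result Dispatch(ChildProcess& child, Msg msg) {
  auto it = kRequired.find(msg);
  bool allowed = !child.cutOff &&
                 it != kRequired.end() &&  // untagged message: fail closed
                 (it->second & child.granted) == it->second;
  if (!allowed) {
    // Assumed policy: a child that asks for a capability it was never
    // granted is no longer trusted, so later messages are refused too.
    child.cutOff = true;
    return Result::Rejected;
  }
  return Result::Dispatched;  // the real handler for `msg` would run here
}
```

Keeping the requirement in one table rather than in each handler means a newly added message is rejected until someone tags it.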