Closed Bug 835038 Opened 9 years ago Closed 9 years ago

Compromised content process can create TCP sockets willy nilly

Categories

(Core :: IPC, defect)

x86_64
Linux
defect
Not set
normal

RESOLVED FIXED
mozilla21
blocking-b2g -
Tracking Status
firefox19 --- wontfix
firefox20 --- wontfix
firefox21 --- fixed
b2g18 + fixed
b2g18-v1.0.1 --- fixed

People

(Reporter: jdm, Assigned: jdm)

Attachments

(1 file)

We don't insist on a non-null PBrowser on which to perform permission checks. This is exceedingly bad.
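The failure mode described in this report, as an added example that is not part of the bug or of the Gecko patch: a simplified model of a parent-side handler that applies the permission check only when a browser actor is supplied, next to a fail-closed version. The `Browser` and `TcpSocketRequest` types, the function names and the "tcp-socket" permission string are assumptions made for illustration.

```cpp
#include <cstdio>
#include <set>
#include <string>

// Hypothetical stand-in for the browser actor that carries the app's identity.
struct Browser {
    std::set<std::string> permissions;  // permissions granted to the owning app
    bool HasPermission(const std::string& p) const { return permissions.count(p) != 0; }
};

// Request as received over IPC; every field is chosen by the child process.
struct TcpSocketRequest {
    const Browser* browser;  // null when the child omits the actor
    std::string host;
    unsigned short port;
};

// Fail-open: the check runs only when a browser is supplied, so a request
// with a null browser is never checked at all.
bool AllowTcpSocketFailOpen(const TcpSocketRequest& req) {
    if (req.browser && !req.browser->HasPermission("tcp-socket")) {
        return false;
    }
    return true;
}

// Fail-closed: without a browser there is no identity to check, so refuse.
bool AllowTcpSocketFailClosed(const TcpSocketRequest& req) {
    if (!req.browser) return false;
    return req.browser->HasPermission("tcp-socket");
}

int main() {
    Browser granted;  // constructed sample: app holding the permission
    granted.permissions.insert("tcp-socket");
    Browser plain;    // constructed sample: app without it
    const TcpSocketRequest cases[] = {
        {&granted, "example.org", 443},
        {&plain, "example.org", 443},
        {nullptr, "example.org", 443},
    };
    for (const TcpSocketRequest& r : cases) {
        std::printf("browser=%-5s fail-open=%d fail-closed=%d\n",
                    r.browser ? "set" : "null",
                    AllowTcpSocketFailOpen(r), AllowTcpSocketFailClosed(r));
    }
}
```

The two versions agree whenever a browser is present; they differ only on the null case, which is the one a parent process must decide for itself because the child controls the message.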
blocking-b2g: --- → tef?
tef- but please request approval when ready so this can be considered for uplift.
blocking-b2g: tef? → -
Attachment #706776 - Flags: review?(jduell.mcbugs) → review+
Renom as tef+: this is a pretty bad security hole and the fix is trivial.
blocking-b2g: - → tef?
(In reply to Jason Duell (:jduell) from comment #3)
> Renom as tef+: this is a pretty bad security hole and the fix is trivial.

You probably just want to ask for approval to land, I think.
(In reply to Jason Duell (:jduell) from comment #3)
> Renom as tef+: this is a pretty bad security hole and the fix is trivial.

cc Lucas and Johnny 

The consensus in triage is that we do want to fix this but it is not a critical enough issue to block the release.
Comment on attachment 706776 [details] [diff] [review]
Ensure IPC TCP sockets always have permission checks applied.

[Approval Request Comment]
Bug caused by (feature/regressing bug #): 770778
User impact if declined: Compromised content could open up arbitrary TCP connections regardless of app permissions.
Testing completed: Manual testing.
Risk to taking this patch (and alternatives if risky): None.
String or UUID changes made by this patch: None
Attachment #706776 - Flags: approval-mozilla-b2g18?
blocking-b2g: tef? → -
tracking-b2g18: --- → +
Comment on attachment 706776 [details] [diff] [review]
Ensure IPC TCP sockets always have permission checks applied.

Approving to land - please get this on the b2g18 relbranch as per https://wiki.mozilla.org/Release_Management/B2G_Landing#v1.0.0_2
Attachment #706776 - Flags: approval-mozilla-b2g18? → approval-mozilla-b2g18+
(In reply to Lukas Blakk [:lsblakk] from comment #7)
> Comment on attachment 706776 [details] [diff] [review]

please get this on the b2g18_v_1_0_0 branch - not relbranch, my bad.
https://hg.mozilla.org/mozilla-central/rev/770b5184d683
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla21
Batch edit: Bugs fixed on b2g18 after 1/25 merge to v1.0 branch are fixed on v1.0.1 branch.