Closed
Bug 879728
Opened 11 years ago
Closed 5 years ago
webGL proxy/secure graphics
Categories
(Core :: Graphics: CanvasWebGL, defect, P3)
RESOLVED
INCOMPLETE
People
(Reporter: marta, Assigned: marta)
Details
(Keywords: sec-audit)
We need to ensure that WebGL is not abused for unauthorised access to the phone.
Comment 1•11 years ago
I don't understand what this bug is about. There's no STR, no expected/actual results.
Component: General → Canvas: WebGL
Product: Boot2Gecko → Core
Version: unspecified → Trunk
Comment 2•11 years ago
It doesn't sound like a specific vulnerability has been identified so I'm calling this a "security audit" bug. If you don't want webGL abused you could always turn it off, but we haven't felt the need to do so on Desktop or Android. Is there a different set of worries on b2g?
Keywords: sec-audit
Sorry, maybe I was too brief in the bug description, as it follows a longer discussion I have had with Guillaume. There is a need for limiting the memory access that can be obtained by abusing WebGL and tricking the GPU into writing/reading to/from memory regions it is not supposed to access. I added the bug, as it was agreed that I will contribute in this area, and I couldn't find a bug entry in Bugzilla. For now it is only listed here: https://wiki.mozilla.org/B2G/Architecture/System_Security#Road_Map (second after seccomp).
Comment 4•11 years ago
The WebGL implementation already guards against illegal memory accesses. Did you identify a specific area where the checks performed by the WebGL implementation are insufficient?
Updated•9 years ago
Group: core-security → gfx-core-security
Comment 5•5 years ago
We are tracking this elsewhere.
Status: NEW → RESOLVED
Closed: 5 years ago
Priority: -- → P3
Resolution: --- → INCOMPLETE
Updated•4 years ago
Group: gfx-core-security