Closed Bug 879728 Opened 11 years ago Closed 5 years ago

webGL proxy/secure graphics

Categories

(Core :: Graphics: CanvasWebGL, defect, P3)

Product:
Core
Component:
Graphics: CanvasWebGL
Platform:
x86_64
Linux
Type:
defect

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: marta, Assigned: marta)

Details

(Keywords: sec-audit) 

We need to ensure that the webGL is not abused for an unauthorised access to the phone.
Assignee: nobody → marta
I don't understand what this bug is about. There's no STR, no expected/actual results.
Component: General → Canvas: WebGL
Product: Boot2Gecko → Core
Version: unspecified → Trunk
It doesn't sound like a specific vulnerability has been identified so I'm calling this a "security audit" bug.

If you don't want webGL abused you could always turn it off, but we haven't felt the need to do so on Desktop or Android. Is there a different set of worries on b2g?
Keywords: sec-audit
Sorry, maybe I was to brief on the bug description, as it follows a longer discussion I have had with Guillaume. 
There is a need for limiting the memory access that can be obtained by abusing the webGL and tricking the GPU into writing/reading to/from memory regions it is not supposed to access. 
I added the bug, as it was agreed that I will contribute in this area, and I couldn't find a bug entry in bugzilla. For now it is only listed here: https://wiki.mozilla.org/B2G/Architecture/System_Security#Road_Map (second after seccomp).
The WebGL implementation already guards against illegal memory accesses. Did you identify a specific area where the checks performed by the WebGL implementation are insufficient?
Blocks: 1069915
No longer blocks: 1069915
Group: core-security → gfx-core-security

We are tracking this elsewhere.

Status: NEW → RESOLVED
Closed: 5 years ago
Priority: -- → P3
Resolution: --- → INCOMPLETE
Group: gfx-core-security
You need to log in before you can comment on or make changes to this bug.