Tom Ritter [:tjr] (Back 9/5) Reporter
	Description • 7 years ago

We should check that WebRTC is enabled in the user's preferences before processing IPC mechanisms, otherwise this is a vector for information leakage that content (and the sandbox) otherwise shouldn't be able to gain.

	Alex Gaynor [:Alex_Gaynor]
	Comment 1 • 7 years ago

Makes sense. I think this should be assigned over to the WebRTC team, the sandboxing team isn't responsible for each individual component's IPC stuff.

	Michael Froman [:mjf]
	Comment 2 • 7 years ago

(In reply to Tom Ritter [:tjr] from comment #0)
> We should check that WebRTC is enabled in the user's preferences before
> processing IPC mechanisms, otherwise this is a vector for information
> leakage that content (and the sandbox) otherwise shouldn't be able to gain.

What pref are your referring to?

	Nils Ohlmeier [:drno]
	Comment 3 • 7 years ago

Michael, my guess is that Tom refers to media.peerconnection.enabled

	Tom Ritter [:tjr] (Back 9/5) Reporter
	Comment 4 • 7 years ago

(In reply to Nils Ohlmeier [:drno] from comment #3)
> Michael, my guess is that Tom refers to media.peerconnection.enabled

Probably. I actually don't think I'll be able to answer this until I complete Bug 1314443 (and maybe Bug 1338006).

It's easy to say "Tor will turn them all off so just pick one", but what I'm unsure about is if there's a combination of preferences where some might be left on and others turned off. If there are prefs that turn off UDP-based or Peer-to-Peer (STUN?) based mechanisms, but leave on non-P2P (TURN?) and TCP then that seems mostly likely.

	Nils Ohlmeier [:drno]
	Comment 5 • 7 years ago

(In reply to Tom Ritter [:tjr] from comment #4)
> (In reply to Nils Ohlmeier [:drno] from comment #3)
> > Michael, my guess is that Tom refers to media.peerconnection.enabled
> 
> Probably. I actually don't think I'll be able to answer this until I
> complete Bug 1314443 (and maybe Bug 1338006).
> 
> It's easy to say "Tor will turn them all off so just pick one", but what I'm
> unsure about is if there's a combination of preferences where some might be
> left on and others turned off. If there are prefs that turn off UDP-based or
> Peer-to-Peer (STUN?) based mechanisms, but leave on non-P2P (TURN?) and TCP
> then that seems mostly likely.

To avoid confusion lets clarify a couple of things here:

- Are we discussing the network related IPC message here only, or should this include camera, mic (device) related API's as well?
  I think it would be cleaner to separate network and devices API into separate bugs (if that is not the case here already).

- I'm assuming you are worried about the state where the content process has been taken over by an attack (because my assumption is that is the only way how someone can get direct access to IPC interfaces), right?

- Assuming we are talking about the networking side, then I totally agree that it makes sense to ensure media.peerconnection.enabled is true before processing the IPC messages in https://dxr.mozilla.org/mozilla-central/source/media/mtransport/ipc
  For the actual UPD and TCP socket based interfaces I'm not sure if WebRTC is the only client using these IPC interfaces. I could easily see that WebRTC is the only client for the UDP IPC interfaces.

- If we want to discuss more fine grained filtering of IPC message based on other user prefs (which BTW is going to be a lot harder) I think we should do that in a separate bug, because otherwise things will get easily super confusing.

	Emma Humphries ☕️🎸🧞‍♀️✨ (she/they) [:emceeaich] (Pacific Time) use needinfo
	Comment 6 • 7 years ago

This is a P1 bug without an assignee. 

P1 are bugs which are being worked on for the current release cycle/iteration/sprint. 

If the bug is not assigned by Monday, 28 August, the bug's priority will be reset to '--'.

	Bulk Bug Changes for mreavy's org
	Comment 7 • 7 years ago

Mass change P1->P2 to align with new Mozilla triage process

	Sylvestre Ledru [:Sylvestre]
	Comment 8 • 6 years ago

Moving to p3 because no activity for at least 1 year(s).
See https://github.com/mozilla/bug-handling/blob/master/policy/triage-bugzilla.md#how-do-you-triage for more information