Open Bug 1491113 Opened 6 years ago Updated 2 years ago

IPDLs in dom/clients/manager can be constructed using fraudulent Principals from a rogue Content Process

Categories

(Core :: DOM: Service Workers, enhancement, P3)


Tracking


Fission Milestone Future

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

The following IPC Protocols are constructed using a principal from the Content Process, and appear to result in an actor associated with that principal. Ultimately, this means that a rogue Content Process can construct and operate on any of the following Protocols in the context of another origin:

The most concerning of these are
https://searchfox.org/mozilla-central/source/dom/clients/manager/PClientSource.ipdl
https://searchfox.org/mozilla-central/source/dom/clients/manager/PClientHandle.ipdl

which have their own IPC methods attached. 

The result of these seem to correspond to individual operations and do not have additional IPC actions:
https://searchfox.org/mozilla-central/source/dom/clients/manager/PClientHandleOp.ipdl
https://searchfox.org/mozilla-central/source/dom/clients/manager/PClientManagerOp.ipdl
https://searchfox.org/mozilla-central/source/dom/clients/manager/PClientSourceOp.ipdl


When constructing these actors, all of which are constructed through structs in https://searchfox.org/mozilla-central/source/dom/clients/manager/ClientIPCTypes.ipdlh, we should assert that the principal provided is permissible for the content process supplying the data.
Let me know if this was not the correct component.
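The check the report asks for, as an added illustration that is not Mozilla code and not part of this bug: the parent side of an actor constructor receives a principal from a content process and must confirm that the process is allowed to act for that origin before binding an actor to it. PrincipalInfo, ContentProcessRecord, ConstructUnchecked and ConstructChecked are hypothetical stand-ins for the real IPDL-generated types and the parent-side Recv handlers; the per-process origin allowlist models a Fission-style site-isolated process and is an assumption of the model, as is the rule that a content process may never supply the system principal.

```cpp
// Added example, not mozilla-central code. Models "assert that the principal
// provided is permissible for the content process supplying the data".
#include <set>
#include <string>

// Hypothetical stand-in for the serialized principal a child sends over IPC.
struct PrincipalInfo {
    std::string origin;     // e.g. "https://bank.example"
    bool isSystem = false;  // system principal: never legitimate from a content process (assumption)
};

// Hypothetical stand-in for the parent's bookkeeping about one content process.
struct ContentProcessRecord {
    int pid;
    std::set<std::string> allowedOrigins;  // origins this process is permitted to host
};

// Result of an actor construction attempt; boundOrigin is the origin the actor acts for.
struct ConstructResult {
    bool ok;
    std::string boundOrigin;
};

// The pattern the report describes: the actor is bound to whatever origin the
// child named, with no check that the child may speak for it.
ConstructResult ConstructUnchecked(const ContentProcessRecord& /*proc*/, const PrincipalInfo& pi) {
    return ConstructResult{true, pi.origin};
}

// Hardened check: the principal must be one this process may legitimately supply.
bool IsPrincipalPermissibleFor(const ContentProcessRecord& proc, const PrincipalInfo& pi) {
    if (pi.isSystem) {
        return false;  // content processes never legitimately hold the system principal
    }
    return proc.allowedOrigins.count(pi.origin) > 0;
}

// Hardened construction: refuse (in real code, fail the IPC and kill the child)
// when the supplied principal does not belong to the sending process.
ConstructResult ConstructChecked(const ContentProcessRecord& proc, const PrincipalInfo& pi) {
    if (!IsPrincipalPermissibleFor(proc, pi)) {
        return ConstructResult{false, ""};
    }
    return ConstructResult{true, pi.origin};
}
```

With this model a compromised process hosting only https://attacker.example can still obtain an actor for https://bank.example through ConstructUnchecked, which is the cross-origin reach described above; ConstructChecked refuses it while still allowing the process's own origin.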
Component: General → IPC
Component: IPC → DOM: Service Workers
Priority: -- → P3

This bug is not a Fission MVP blocker.

Fission Milestone: --- → Future
Severity: normal → S3