Bug 1505482: Disable restricting SIDs in Windows 7 NPAPI process sandbox. r=jimm a=jcristau
authorDavid Parks <dparks@mozilla.com>
Fri, 16 Nov 2018 15:24:00 -0800
changeset 501308 767930fe66d2ae68f97e33dcba861c8ebb3996c3
parent 501307 e68e1025c02887a9e0a419f166ddf02118b1b427
child 501309 d4d9fbf1b6e4c61bcee5d8b2219388a5767d768d
push id1864
push userffxbld-merge
push dateMon, 03 Dec 2018 15:51:40 +0000
treeherdermozilla-release@f040763d99ad [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjimm, jcristau
bugs1505482
milestone64.0
Bug 1505482: Disable restricting SIDs in Windows 7 NPAPI process sandbox. r=jimm a=jcristau Restricting SIDs increase the power of the sandbox. They cause problems that require us to patch the Windows GetFileAttributesW function. On Windows 7, this is not currently possible with out DLL interceptor so we do not use restricting SIDs there.
dom/plugins/ipc/FunctionHook.cpp
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
--- a/dom/plugins/ipc/FunctionHook.cpp
+++ b/dom/plugins/ipc/FunctionHook.cpp
@@ -7,16 +7,17 @@
 #include "FunctionHook.h"
 #include "FunctionBroker.h"
 #include "nsClassHashtable.h"
 #include "mozilla/ClearOnShutdown.h"
 
 #if defined(XP_WIN)
 #include <shlobj.h>
 #include "PluginModuleChild.h"
+#include "mozilla/WindowsVersion.h"
 #endif
 
 namespace mozilla {
 namespace plugins {
 
 StaticAutoPtr<FunctionHookArray> FunctionHook::sFunctionHooks;
 
 bool AlwaysHook(int) { return true; }
@@ -310,16 +311,21 @@ void FunctionHook::HookProtectedMode()
 }
 
 #if defined(MOZ_SANDBOX)
 
 /* GetFileAttributesW */
 
 typedef BasicFunctionHook<ID_GetFileAttributesW, decltype(GetFileAttributesW)> GetFileAttributesWFH;
 
+// Do not hook GetFileAttributesW in Win7 because the interceptor can't handle it.
+template<>
+ShouldHookFunc* const
+GetFileAttributesWFH::mShouldHook = [](int) { return IsWin8OrLater(); };
+
 DWORD WINAPI GetFileAttributesWHook(LPCWSTR aFilename)
 {
   MOZ_ASSERT(ID_GetFileAttributesW < FunctionHook::GetHooks()->Length());
   GetFileAttributesWFH* functionHook =
     static_cast<GetFileAttributesWFH*>(FunctionHook::GetHooks()->ElementAt(ID_GetFileAttributesW));
   if (!functionHook->OriginalFunction()) {
     NS_ASSERTION(FALSE, "Something is horribly wrong in GetFileAttributesWHook!");
     return FALSE;
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -743,16 +743,21 @@ SandboxBroker::SetSecurityLevelForPlugin
 
   sandbox::MitigationFlags delayedMitigations =
     sandbox::MITIGATION_DLL_SEARCH_ORDER;
 
   result = mPolicy->SetDelayedProcessMitigations(delayedMitigations);
   SANDBOX_ENSURE_SUCCESS(result,
                          "Invalid flags for SetDelayedProcessMitigations.");
 
+  // Restricting SIDs break some Flash functionality in Windows 7.
+  if (!IsWin8OrLater()) {
+    mPolicy->SetDoNotUseRestrictingSIDs();
+  }
+
   // Add rule to allow read / write access to a special plugin temp dir.
   AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_ANY,
                    sPluginTempDir, NS_LITERAL_STRING("\\*"));
 
   if (aSandboxLevel >= 2) {
     // Level 2 and above uses low integrity, so we need to give write access to
     // the Flash directories.
     AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_ANY,