Security/Mentorships/MWoS/2014/B2G-IPC-Audit: Difference between revisions

by the attacker to gain remote code execution. Therefore the renderer process is only given permission to read and write data relevant to the webpage, such as its own DOM. However, low-privileged 'sandboxed' processes may require a resource or action (example?) that they are not given initial access to. In many cases the sandboxed process can still get the required action done, but it must request that a process with the appropriate privilege level complete the task on its behalf through inter-process communication (IPC). The privileged process can then verify that the request message is well formed and non-malicious before executing it. A great technical introduction to FirefoxOS IPC can be found here [1].


Inside these privileged applications, the code responsible for handling IPC messages from sandboxed processes is of great interest to an attacker. A privileged process must assume that the sandboxed applications have already been compromised and that any message from them is potentially attacker controlled. Therefore, if the message handling code contains any software bugs, it could allow an attacker to escalate their privileges by compromising the non-sandboxed process through specially crafted IPC messages.
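As an added illustration of the checks a privileged process has to perform on a message from a sandboxed child (example code written for this page, not Gecko's IPC code; the wire format, the sandbox path prefix and all function names are assumptions):

```cpp
#include <cstdint>
#include <string>
#include <vector>
// Constructed wire format for this example: [u8 type][u32 LE length][payload].
enum MsgType : uint8_t { MSG_READ_FILE = 1, MSG_MAX = 1 };
struct ParsedMsg { uint8_t type; std::string payload; };
// Parse a message received from a sandboxed child. Every field is checked
// against what was actually received; nothing the child claims is trusted.
bool ParseChildMessage(const std::vector<uint8_t>& raw, ParsedMsg* out) {
    if (raw.size() < 5) return false;                  // header incomplete
    uint8_t type = raw[0];
    if (type == 0 || type > MSG_MAX) return false;     // unknown message type
    uint32_t len = uint32_t(raw[1]) | (uint32_t(raw[2]) << 8) |
                   (uint32_t(raw[3]) << 16) | (uint32_t(raw[4]) << 24);
    // Compare the declared length with the bytes present, never the reverse:
    // trusting |len| here is the classic out-of-bounds read in a handler.
    if (len != raw.size() - 5) return false;           // over- or under-run
    if (len > 4096) return false;                      // sanity cap on payload
    out->type = type;
    out->payload.assign(reinterpret_cast<const char*>(raw.data() + 5), len);
    return true;
}
// Authorization: the child may only name files under its own directory
// (placeholder prefix for the example); reject traversal and embedded NULs.
bool IsAllowedPath(const std::string& path) {
    const std::string prefix = "/data/app-sandbox/";
    if (path.compare(0, prefix.size(), prefix) != 0) return false;
    if (path.find("..") != std::string::npos) return false;
    if (path.find('\0') != std::string::npos) return false;
    return true;
}
// Privileged-side entry point: parse, then authorize. Returns "" on success
// or a reason for rejection; the file itself is never touched here.
std::string HandleChildMessage(const std::vector<uint8_t>& raw) {
    ParsedMsg msg;
    if (!ParseChildMessage(raw, &msg)) return "malformed";
    if (msg.type == MSG_READ_FILE && !IsAllowedPath(msg.payload)) return "denied";
    return "";
}
// Builds a message with an arbitrary declared length (constructed input so
// that the checks above can be exercised offline, including bad lengths).
std::vector<uint8_t> BuildMsg(uint8_t type, uint32_t declaredLen, const std::string& payload) {
    std::vector<uint8_t> m(5, 0);
    m[0] = type;
    for (int i = 0; i < 4; ++i) m[1 + i] = uint8_t(declaredLen >> (8 * i));
    m.insert(m.end(), payload.begin(), payload.end());
    return m;
}
```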