On 5/22/2014 6:51 AM, Mike Perry wrote:
> Hrm.. What is the nature of the barrier between the $EVILBLOB and the CRM host, then?
There are two processes, the Firefox process and the Adobe-EME-plugin process. Both processes run Mozilla binaries. Let's presume for the moment that those are called firefox.exe and plugin-container.exe.
When the user requests DRM activation, firefox.exe will set up launching plugin-container.exe in a sandbox. This sandbox does not have access to most OS APIs, including any networking or filesystem APIs. The only data that the sandbox has is whatever firefox.exe gives it access to via known pipes.
plugin-container.exe then loads the Adobe DRM DLL and feeds it the data as requested by firefox.exe and sends the information back to firefox over the pipes.
The Adobe DLL is free to poke around and check, for instance, that plugin-container.exe is a binary that it expects before proceeding. But it can't go to the network or the filesystem or store any persistent identifiers because it doesn't have access to those OS calls.
--BDS
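The broker/worker split described in the message above, as an added example: this is a Linux seccomp analogue written for illustration, not Mozilla's or Adobe's code and not the Windows sandbox the message refers to. The names run_in_sandbox, enter_sandbox and blob are hypothetical, and the input string is constructed.

```c
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
/* Allow-list read, write, exit_group; kill on anything else. Simplified: no seccomp_data.arch check. */
static int enter_sandbox(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_read, 3, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_write, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_exit_group, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
/* Hypothetical stand-in for the untrusted blob: it sees only the bytes it was handed. */
static void blob(char *buf, ssize_t n, int misbehave) {
    if (misbehave) socket(AF_INET, SOCK_STREAM, 0); /* not allow-listed: the kernel kills the worker here */
    for (ssize_t i = 0; i < n; i++) buf[i] ^= 0x20;  /* placeholder transform */
}
/* Broker side: returns output length, -1 if the sandbox killed the worker, -2 on setup error. */
int run_in_sandbox(const char *in, char *out, size_t outlen, int misbehave) {
    int req[2], rsp[2], status; pid_t pid;
    if (pipe(req) || pipe(rsp) || (pid = fork()) < 0) return -2;
    if (pid == 0) {                         /* worker: the two pipes are its only channel */
        char buf[256];
        close(req[1]); close(rsp[0]);
        if (enter_sandbox()) _exit(2);      /* refuse to run the blob unsandboxed */
        ssize_t n = read(req[0], buf, sizeof buf);
        if (n > 0) { blob(buf, n, misbehave); if (write(rsp[1], buf, n) != n) _exit(3); }
        _exit(0);
    }
    close(req[0]); close(rsp[1]);
    ssize_t w = write(req[1], in, strlen(in));
    close(req[1]);
    ssize_t n = read(rsp[0], out, outlen - 1);
    close(rsp[0]); waitpid(pid, &status, 0);
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS) return -1;
    if (w < 0 || n < 0 || !WIFEXITED(status) || WEXITSTATUS(status)) return -2;
    out[n] = '\0';
    return (int)n;
}
```

The worker still inherits whatever descriptors the broker had open at fork time, so a real broker closes everything except the two pipe ends before entering the sandbox.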
