servo / webrender

A GPU-based renderer for the web
https://doc.servo.org/webrender/
Mozilla Public License 2.0
3.1k stars 276 forks

Question: untrusted displaylist input #4822

Closed LegNeato closed 12 months ago

LegNeato commented 12 months ago

What are the security implications of letting end users / untrusted users feed display lists into WebRender? Obviously, in Firefox, Gecko is trusted, so I am not sure if the design takes into account potential security issues. For example, can you create a display list that causes WebRender to OOM?

Apologies if this is in the docs, I could not find information about it.

nical commented 12 months ago

> For example, can you create a display list that causes WebRender to OOM?

Yes, and you can also create web pages that cause these display lists in Gecko.

I think that WebRender should be pretty safe in terms of not letting malicious display lists cause arbitrary code execution and similar types of security exploits, but you can easily get it to crash by throwing too much content at it or asking it to allocate resources that are too large.

jrmuizel commented 12 months ago

The serialized display lists produced by the Gecko content process that are consumed by the GPU/Parent process are considered untrusted.

LegNeato commented 12 months ago

Ok, thanks!