Closed
Bug 1037211
Opened 10 years ago
Closed 10 years ago
Remove --enable-content-sandbox-reporter by making it always true
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
FIXED
mozilla33
People
(Reporter: jld, Assigned: jld)
References
Details
Attachments
(2 files)
I don't feel that we really gain anything by making sandbox failure reporting disableable, and given that we're going to need to use a SIGSYS handler to non-fatally handle certain disallowed system calls (filesystem access; maybe more) in the immediate future, the complexity that would be added by continuing to support it is hard to justify. Also, as named it's specific to content process sandboxing even though the sandbox failure handling will also apply to media plugin processes (and could include other types in the future), and it's silently ignored on non-Linux platforms. --enable-content-sandbox-reporter is set in B2G's gonk-misc/default-gecko-config, but it's also enabled by default on B2G (bug 979590). So this needs two steps (but at least it's not three): remove it from gonk-misc, then unifdef gecko.
Assignee | ||
Comment 1•10 years ago
|
||
Testing: ran a build locally (with gecko clobber); confirmed that MOZ_CONTENT_SANDBOX_REPORTER is still enabled.
Attachment #8454213 -
Flags: review?(gdestuynder)
Comment on attachment 8454213 [details] [review] Step 1: gonk-misc. Link to Github pull-request: https://github.com/mozilla-b2g/gonk-misc/pull/178 Initially the goal was to have as little code in the sandbox as possible to ensure the implementation is safe - ie things that werent needed at runtime would be disabled (also the reason for not having the compiler initially). That said, its more convenient to have it on. The trade off is ok either way IMO. Thus r+.
Attachment #8454213 -
Flags: review?(gdestuynder) → review+
Assignee | ||
Comment 3•10 years ago
|
||
https://github.com/mozilla-b2g/gonk-misc/commit/5eb9b152764b4a4cf00af94ec02a808cdbb90a20 Leaving open for step 2…
Assignee | ||
Comment 4•10 years ago
|
||
Attachment #8456466 -
Flags: review?(gps)
Attachment #8456466 -
Flags: review?(gdestuynder)
Attachment #8456466 -
Flags: review?(gdestuynder) → review+
Comment 5•10 years ago
|
||
Comment on attachment 8456466 [details] [diff] [review] Step 2: gecko. Remove/unifdef MOZ_CONTENT_SANDBOX_REPORTER. Review of attachment 8456466 [details] [diff] [review]: ----------------------------------------------------------------- I love removing build options!
Attachment #8456466 -
Flags: review?(gps) → review+
Assignee | ||
Comment 6•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/c361be2aeb66
Comment 7•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/c361be2aeb66
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla33
You need to log in
before you can comment on or make changes to this bug.
Description
•