Bug 1043733 (Closed)
Opened 10 years ago, closed 10 years ago
Require sandboxing for media plugins on Linux.
Categories: Core :: Security, defect
Tracking: RESOLVED FIXED, mozilla34
People: Reporter: jld, Assigned: jld
References: Blocks 2 open bugs
Attachments (2 files):
10.81 KB, patch | kang: review+, jesup: review+
10.83 KB, patch | jld: review+, Sylvestre: approval-mozilla-aurora+
As a followup from bug 1039819, and to summarize recent discussion in #media: this bug is to disable Gecko Media Plugin support on Linux hosts that don't support seccomp-bpf sandboxing. Also, at this point it would be good to have a way for a user to check their sandboxing support status. Chromium has an about:sandbox page for this.
Comment 1 • 10 years ago (Assignee)

A few infrastructure changes:
* Once we start trying to enable sandboxing, either it works or we crash.
* Whether sandboxing is expected to work (or "work" by doing nothing, if disabled) is exposed to callers of the sandboxing code, so they can take steps earlier than sandbox start time, like disabling media plugin loading so that the browser doesn't advertise media capabilities it can't actually use.
* To make this all (hopefully) simpler, the testing for seccomp-bpf support and environment variables is now done in a static initializer, setting flags used elsewhere in the code.

Also of note:
* Disabling GMP support is accomplished by failing calls to GeckoMediaPluginService::AddPluginDirectory.

Try: https://tbpl.mozilla.org/?tree=Try&rev=0ed654d22aea or https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=0ed654d22aea
Attachment #8467948 - Flags: review?(rjesup)
Attachment #8467948 - Flags: review?(gdestuynder)
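The gating described in comment 1, as an added example in C that is not the patch or Mozilla's code: flags are computed once from a seccomp-bpf probe and an opt-out variable, callers consult them before accepting a plugin directory, and sandbox start either succeeds or aborts. Every function name, the EXAMPLE_DISABLE_SANDBOX variable, the plugin path and the allow-all filter are assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* All names are hypothetical, including the environment variable. */
struct sandbox_flags {
    int seccomp_bpf; /* kernel accepts SECCOMP_MODE_FILTER */
    int disabled;    /* user opted out through the environment */
};

/* Probe without installing a filter: a kernel with seccomp-bpf fails on the
 * NULL filter pointer (EFAULT); one without it rejects the mode (EINVAL). */
static int probe_seccomp_bpf(void) {
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL) == -1 && errno == EFAULT;
}

/* Computed once at startup so later code only reads flags. */
static struct sandbox_flags compute_flags(int seccomp_bpf, const char *opt_out) {
    struct sandbox_flags f = { seccomp_bpf != 0, opt_out != NULL && opt_out[0] != '\0' };
    return f;
}

/* "Expected to work": a filter can be installed, or starting is a no-op. */
static int can_sandbox(struct sandbox_flags f) { return f.disabled || f.seccomp_bpf; }

/* Caller-side gate: refuse the plugin directory rather than load unconfined. */
static int add_plugin_directory(struct sandbox_flags f, const char *dir) {
    return (dir != NULL && dir[0] != '\0' && can_sandbox(f)) ? 0 : -1;
}

/* Once started there is no fallback: the filter is installed or we abort.
 * The one-instruction allow-all program is a constructed stand-in policy. */
static void start_sandbox_or_crash(struct sandbox_flags f) {
    struct sock_filter allow_all[] = { BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW) };
    struct sock_fprog prog = { 1, allow_all };
    if (f.disabled) return;
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0 ||
        prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        abort();
}

int main(void) {
    struct sandbox_flags f = compute_flags(probe_seccomp_bpf(), getenv("EXAMPLE_DISABLE_SANDBOX"));
    if (add_plugin_directory(f, "/constructed/plugin/dir") != 0) return 1;
    start_sandbox_or_crash(f);
    return 0;
}
```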
Comment 2 • 10 years ago

Comment on attachment 8467948
bug1043733-gmp-mandatory-sandbox-hg0.diff

Review of attachment 8467948:
-----------------------------------------------------------------

::: security/sandbox/linux/Sandbox.cpp @@ -278,5 @@ > - didAnything = true; > - } > - /* > - * Bug 880797: when all B2G devices are required to support > - * seccomp-bpf, this should exit/crash if InstallSyscallFilter

I take it bug 880797 has been resolved? I see InstallSyscallFilter handles the MOZ_CRASH itself
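Review bot: the block comment deleted at the end of this hunk ("Bug 880797: when all B2G devices are required to support seccomp-bpf, this should exit/crash if InstallSyscallFilter") was an in-source record that the exit-or-crash decision was still open. Whatever code now handles an InstallSyscallFilter failure should carry a comment naming Bug 880797 and stating which callers may continue without a sandbox, so that policy is readable from the source and not only from the bug tracker.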
Attachment #8467948 - Flags: review?(rjesup) → review+
Comment on attachment 8467948
bug1043733-gmp-mandatory-sandbox-hg0.diff

Review of attachment 8467948:
-----------------------------------------------------------------

I added the documentation for the new flags from this patch here: https://wiki.mozilla.org/index.php?title=Security/Sandbox
Attachment #8467948 - Flags: review?(gdestuynder) → review+
Comment 4 • 10 years ago (Assignee)

(In reply to Randell Jesup [:jesup] from comment #2)
> > - * Bug 880797: when all B2G devices are required to support > > - * seccomp-bpf, this should exit/crash if InstallSyscallFilter
>
> I take it bug 880797 has been resolved? I see InstallSyscallFilter handles
> the MOZ_CRASH itself

Bug 880797 is… complicated, and I've updated it to try to address that. The overall behavior for content processes / on B2G isn't changed here.

What this bug does do is make the optional-ness of sandboxing explicit, and make it conceptually the responsibility of the caller; see in particular the ContentParent change here (and contrast with the GMPParent/GMPChild change).
Comment 5 • 10 years ago (Assignee)
https://hg.mozilla.org/integration/mozilla-inbound/rev/20dbe115d628
Comment 6 • 10 years ago
https://hg.mozilla.org/mozilla-central/rev/20dbe115d628
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla34
Comment 7 • 10 years ago (Assignee)

Approval Request Comment
[Feature/regressing bug #]: Bug 1012951
[User impact if declined]: OpenH264 could run unsandboxed on systems without sandboxing support — where we never intended to support OpenH264, and where we will remove that support in the next release.
[Describe test coverage new/current, TBPL]: Covered by existing GMP testing.
[Risks and why]: Minimal.
[String/UUID change made/needed]: None.
Attachment #8473929 - Flags: review+
Attachment #8473929 - Flags: approval-mozilla-aurora?
Updated • 10 years ago
status-firefox33: --- → affected
status-firefox34: --- → fixed
Updated • 10 years ago
Attachment #8473929 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+