Closed Bug 1056936 Opened 6 years ago Closed 6 years ago

Specify full path to plugin-container in sandbox rules

Categories

(Core :: Security, defect)

All
macOS
defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla34
Tracking Status
firefox33 --- fixed
firefox34 --- fixed

People

(Reporter: smichaud, Assigned: smichaud)

Details

Attachments

(1 file)

Currently we specify a partial path to plugin-container in our Mac sandboxing rules:

https://hg.mozilla.org/mozilla-central/annotate/c14e5feadc61/security/sandbox/mac/Sandbox.mm#l36

But we should really specify the full path to the currently running binary.
Attached patch FixSplinter Review
Here's a fix.

I've started tryserver builds:
https://tbpl.mozilla.org/?tree=Try&rev=832691b0a40e
Attachment #8477477 - Flags: review?(rjesup)
Attachment #8477477 - Flags: review?(rjesup) → review+
https://hg.mozilla.org/mozilla-central/rev/44c64dfad1e2
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla34
Flags: qe-verify-
Comment on attachment 8477477 [details] [diff] [review]
Fix

Approval Request Comment
[Feature/regressing bug #]: Needed for uplift of bug 1012949
[User impact if declined]: FF 33 won't have Mac GMP sandboxing
[Describe test coverage new/current, TBPL]: Baked for several days on m-c
[Risks and why]: Low risk (moderate for all bug 1012949 uplifts together)
[String/UUID change made/needed]: none

This patch should be uplifted together with the other patches listed in bug 1012949 comment #110.
Attachment #8477477 - Flags: approval-mozilla-aurora?
Attachment #8477477 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
You need to log in before you can comment on or make changes to this bug.