Closed
Bug 1077057
Opened 10 years ago
Closed 10 years ago
Expose Linux sandboxing status in an about: page
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
FIXED
mozilla36
People
(Reporter: jld, Assigned: jld)
References
Details
Attachments
(2 files, 3 obsolete files)
5.40 KB,
patch
|
jld
:
review+
|
Details | Diff | Splinter Review |
11.95 KB,
patch
|
froydnj
:
review+
|
Details | Diff | Splinter Review |
Linux has a number of sandboxing / security hardening features whose availability varies widely (and not always very predictably) among distributions and versions and sometimes local configuration. It would be useful for a knowledgeable user or developer to be able to see the status of the features relevant to Firefox.
This could be similar to Chromium's about:sandbox page, which displays the information in a simple textual format.
Assignee | ||
Comment 1•10 years ago
|
||
r?(kang) for the sandbox side; r?(bsmedberg) for the nsSystemInfo side after browsing the history looking for vaguely similar commits.
Attachment #8514673 -
Flags: review?(gdestuynder)
Attachment #8514673 -
Flags: review?(benjamin)
Assignee | ||
Comment 2•10 years ago
|
||
I'm a little unclear on how this maps to the module/review system; please adjust flags if needed.
Attachment #8514676 -
Flags: review?(bzbarsky)
Comment 3•10 years ago
|
||
Does this need to be a separate page rather than something we can include in about:support?
Updated•10 years ago
|
Flags: needinfo?(jld)
Assignee | ||
Comment 4•10 years ago
|
||
(In reply to Benjamin Smedberg [:bsmedberg] from comment #3)
> Does this need to be a separate page rather than something we can include in
> about:support?
That's a good point. Probably not.
Flags: needinfo?(jld)
Assignee | ||
Updated•10 years ago
|
Attachment #8514676 -
Flags: review?(bzbarsky)
Comment on attachment 8514673 [details] [diff] [review]
Step 1: Expose Linux sandboxing information to JS via nsSystemInfo.
Review of attachment 8514673 [details] [diff] [review]:
-----------------------------------------------------------------
Good idea!
only looked at the Sandbox.* files - looks good to me
Attachment #8514673 -
Flags: review?(gdestuynder) → review+
Assignee | ||
Comment 6•10 years ago
|
||
Now with the information in about:support#sandbox instead of a separate page.
https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=9bedbe344b27
Attachment #8514676 -
Attachment is obsolete: true
Attachment #8517105 -
Flags: review?(bmcbride)
Assignee | ||
Updated•10 years ago
|
Attachment #8514673 -
Flags: review?(benjamin) → review?(nfroyd)
Comment 7•10 years ago
|
||
Comment on attachment 8514673 [details] [diff] [review]
Step 1: Expose Linux sandboxing information to JS via nsSystemInfo.
Review of attachment 8514673 [details] [diff] [review]:
-----------------------------------------------------------------
xpcshell tests for this would be great...is that hard to do on the build machines?
::: xpcom/base/nsSystemInfo.cpp
@@ +363,5 @@
> +
> + SandboxAvailability sandboxContent = CanSandboxContentProcess();
> + if (sandboxContent != kSandboxingDisabled) {
> + SetPropertyAsBool(NS_LITERAL_STRING("canSandboxContent"),
> + sandboxContent);
Oooo, this is almost a little too clever with the enum values. I think there should be some MOZ_ASSERT sprinkled around here so our cleverness is more explicit:
MOZ_ASSERT(sandboxContent == kSandboxingWouldFail || sandboxContent == kSandboxingSupported);
static_assert(kSandboxingWouldFail == 0, "...");
static_assert(kSandboxingSupported == 1, "...");
@@ +369,5 @@
> +
> + SandboxAvailability sandboxMedia = CanSandboxMediaPlugin();
> + if (sandboxMedia != kSandboxingDisabled) {
> + SetPropertyAsBool(NS_LITERAL_STRING("canSandboxMedia"),
> + sandboxMedia);
Likewise.
Attachment #8514673 -
Flags: review?(nfroyd) → review+
Comment 8•10 years ago
|
||
Comment on attachment 8517105 [details] [diff] [review]
Step 2: Include Linux sandboxing information in about:support.
Review of attachment 8517105 [details] [diff] [review]:
-----------------------------------------------------------------
::: toolkit/locales/en-US/chrome/global/aboutSupport.properties
@@ +82,5 @@
>
> minLibVersions = Expected minimum version
> loadedLibVersions = Version in use
> +
> +hasSeccompBPF = Seccomp-BPF
I had to lookup what this was (who names this stuff?!). Turns out Wikipedia (https://en.wikipedia.org/wiki/Seccomp#seccomp-bpf) mentions that Chrome uses this, but has no mention of Firefox - if you have context, perhaps you could add mention of Firefox (and B2G I believe?) supporting this too?
::: toolkit/modules/Troubleshoot.jsm
@@ +476,5 @@
> +
> + let sysInfo = Cc["@mozilla.org/system-info;1"].
> + getService(Ci.nsIPropertyBag2);
> + let data = {};
> + keys.forEach(function(key) {
Nit: for-of loops are generally preferred these days, for more modern/readable code.
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for...of
Attachment #8517105 -
Flags: review?(bmcbride) → review+
Assignee | ||
Updated•10 years ago
|
Summary: Add an about:sandbox page, at least on Linux → Expose Linux sandboxing status in an about: page
Assignee | ||
Comment 9•10 years ago
|
||
(In reply to Nathan Froyd (:froydnj) from comment #7)
> Oooo, this is almost a little too clever with the enum values. I think
> there should be some MOZ_ASSERT sprinkled around here so our cleverness is
> more explicit:
>
> MOZ_ASSERT(sandboxContent == kSandboxingWouldFail || sandboxContent ==
> kSandboxingSupported);
> static_assert(kSandboxingWouldFail == 0, "...");
> static_assert(kSandboxingSupported == 1, "...");
The more I think about this, the less I want to inflict it on the world, as opposed to just using an enum normally and changing the call sites. “Explicit is better than implicit”, “code is read much more often than it is written”, etc.
(In reply to Blair McBride [:Unfocused] from comment #8)
> > +hasSeccompBPF = Seccomp-BPF
>
> I had to lookup what this was (who names this stuff?!). Turns out Wikipedia
> (https://en.wikipedia.org/wiki/Seccomp#seccomp-bpf) mentions that Chrome
> uses this, but has no mention of Firefox - if you have context, perhaps you
> could add mention of Firefox (and B2G I believe?) supporting this too?
Good idea. Also, I think I'll change that label to "Seccomp-BPF (System Call Filtering)", which might at least make it less opaque to someone with enough Unix background to have encountered "system call".
> ::: toolkit/modules/Troubleshoot.jsm
> @@ +476,5 @@
> > +
> > + let sysInfo = Cc["@mozilla.org/system-info;1"].
> > + getService(Ci.nsIPropertyBag2);
> > + let data = {};
> > + keys.forEach(function(key) {
>
> Nit: for-of loops are generally preferred these days, for more
> modern/readable code.
> https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/
> for...of
Thanks; that's a definite improvement.
Assignee | ||
Comment 10•10 years ago
|
||
Carrying over r+.
Attachment #8517105 -
Attachment is obsolete: true
Attachment #8518389 -
Flags: review+
Assignee | ||
Comment 11•10 years ago
|
||
Attachment #8514673 -
Attachment is obsolete: true
Attachment #8518432 -
Flags: review?(nfroyd)
Updated•10 years ago
|
Attachment #8518432 -
Flags: review?(nfroyd) → review+
Assignee | ||
Comment 12•10 years ago
|
||
Try: https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=98f777a83e53 (assuming I've starred it correctly)
Keywords: checkin-needed
Comment 13•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/09cbdbb68a5c
https://hg.mozilla.org/integration/mozilla-inbound/rev/cca5872f47f4
Keywords: checkin-needed
Comment 14•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/09cbdbb68a5c
https://hg.mozilla.org/mozilla-central/rev/cca5872f47f4
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
You need to log in
before you can comment on or make changes to this bug.
Description
•