Closed Bug 1127230 Opened 10 years ago Closed 10 years ago

Change the NPAPI sandbox prefs to integers to indicate the level of sandboxing.

Categories

(Core :: Security: Process Sandboxing, defect)

Product:
Core
Component:
Security: Process Sandboxing
Platform:
All
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla38
Tracking Flags:
Tracking Status
firefox38 --- fixed

People

(Reporter: bobowen, Assigned: bobowen)

References

Details

Attachments

(1 file)

Change the NPAPI sandbox prefs to integers to indicate the level of sandboxing.
11.99 KB, patch
benjamin
: review+
cpeterson
: feedback+
Details | Diff | Splinter Review 
As cpeterson mentioned in Bug 1126402 Comment 7, the different levels of sandboxing of the NPAPI processes, would be better being controlled by integer prefs.
This changes the bool prefs into integer prefs as suggested.

It means I can look into adding a third level, with some of the suggestions from bbondy for tightening the sandbox.
This might prove useful when we get some sort of test suite for Flash.

(In reply to Chris Peterson [:cpeterson] from comment #7)

> That would simplify some of the C++ checks below and make testing easier.
> For example, you could ask people to run some test comparing (say) sandbox
> levels 2 and 3.

Chris, did you just mean not having to deal with two bool prefs or is there something that I've missed?
Attachment #8557191 - Flags: review?(benjamin)
Attachment #8557191 - Flags: feedback?(cpeterson)
Comment on attachment 8557191 [details] [diff] [review]
Change the NPAPI sandbox prefs to integers to indicate the level of sandboxing.

Review of attachment 8557191 [details] [diff] [review]:
-----------------------------------------------------------------

(In reply to Bob Owen (:bobowen) from comment #1)
> (In reply to Chris Peterson [:cpeterson] from comment #7)
> 
> > That would simplify some of the C++ checks below and make testing easier.
> > For example, you could ask people to run some test comparing (say) sandbox
> > levels 2 and 3.
> 
> Chris, did you just mean not having to deal with two bool prefs or is there
> something that I've missed?

I just meant the two bool prefs. The integer levels are just one pref and don't have the confusion around invalid combinations of bool states. :)
Attachment #8557191 - Flags: feedback?(cpeterson) → feedback+
Comment on attachment 8557191 [details] [diff] [review]
Change the NPAPI sandbox prefs to integers to indicate the level of sandboxing.

I don't think we should re-use the same pref names when they have a different type. How about dom.ipc.plugins.sandbox-level.* ?

r=me otherwise
Attachment #8557191 - Flags: review?(benjamin) → review+
Thanks Ben.

Just realised I hadn't pushed this to try at all.
https://treeherder.mozilla.org/#/jobs?repo=try&revision=8915e17a2100
remote:   https://hg.mozilla.org/integration/mozilla-inbound/rev/9c95e28087ca
https://hg.mozilla.org/mozilla-central/rev/9c95e28087ca
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
status-firefox38: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: