Closed Bug 1127230 Opened 5 years ago Closed 5 years ago

Change the NPAPI sandbox prefs to integers to indicate the level of sandboxing.

Categories

(Core :: Security: Process Sandboxing, defect)

All
Windows 7
defect
Not set

Tracking

()

RESOLVED FIXED
mozilla38
Tracking Status
firefox38 --- fixed

People

(Reporter: bobowen, Assigned: bobowen)

References

Details

Attachments

(1 file)

As cpeterson mentioned in Bug 1126402 Comment 7, the different levels of sandboxing of the NPAPI processes, would be better being controlled by integer prefs.
This changes the bool prefs into integer prefs as suggested.

It means I can look into adding a third level, with some of the suggestions from bbondy for tightening the sandbox.
This might prove useful when we get some sort of test suite for Flash.

(In reply to Chris Peterson [:cpeterson] from comment #7)

> That would simplify some of the C++ checks below and make testing easier.
> For example, you could ask people to run some test comparing (say) sandbox
> levels 2 and 3.

Chris, did you just mean not having to deal with two bool prefs or is there something that I've missed?
Attachment #8557191 - Flags: review?(benjamin)
Attachment #8557191 - Flags: feedback?(cpeterson)
Comment on attachment 8557191 [details] [diff] [review]
Change the NPAPI sandbox prefs to integers to indicate the level of sandboxing.

Review of attachment 8557191 [details] [diff] [review]:
-----------------------------------------------------------------

(In reply to Bob Owen (:bobowen) from comment #1)
> (In reply to Chris Peterson [:cpeterson] from comment #7)
> 
> > That would simplify some of the C++ checks below and make testing easier.
> > For example, you could ask people to run some test comparing (say) sandbox
> > levels 2 and 3.
> 
> Chris, did you just mean not having to deal with two bool prefs or is there
> something that I've missed?

I just meant the two bool prefs. The integer levels are just one pref and don't have the confusion around invalid combinations of bool states. :)
Attachment #8557191 - Flags: feedback?(cpeterson) → feedback+
Comment on attachment 8557191 [details] [diff] [review]
Change the NPAPI sandbox prefs to integers to indicate the level of sandboxing.

I don't think we should re-use the same pref names when they have a different type. How about dom.ipc.plugins.sandbox-level.* ?

r=me otherwise
Attachment #8557191 - Flags: review?(benjamin) → review+
Thanks Ben.

Just realised I hadn't pushed this to try at all.
https://treeherder.mozilla.org/#/jobs?repo=try&revision=8915e17a2100
https://hg.mozilla.org/mozilla-central/rev/9c95e28087ca
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
You need to log in before you can comment on or make changes to this bug.