Bug 1141906 - Soften assertion failures in Linux SandboxInfo (and maybe elsewhere in sandbox code)
Opened 10 years ago
Closed 10 years ago
Categories: Core :: Security: Process Sandboxing, defect
Status: RESOLVED FIXED
Target Milestone: mozilla39

Release | Tracking | Status
---|---|---
firefox39 | --- | fixed

People: Reporter: jld, Assigned: jld

Attachments (1 file): patch, 4.65 KB, kang: review+

Description
The Linux sandboxing code has a few MOZ_CRASH()es that I think should be weakened to MOZ_DIAGNOSTIC_ASSERT(). This includes, but may not be limited to, the ones about how syscalls do/don't fail in SandboxInfo (see also bug 1137007 comment #10).
The general idea here is that — on release builds — the worst the sandboxing code should be able to do in response to deficiencies in the kernel is disable sandboxing support, and possibly dependent functionality along with it (e.g., GeckoMediaPlugin).
It probably won't always be as clear-cut as that, but if there's something reasonable that can be done instead of crashing (and isn't insecure), release builds probably should.
Debug builds should still have all the assertions; and as for non-debug Nightly and Aurora builds, the comment on MOZ_DIAGNOSTIC_ASSERT's definition about “potentially rare enough to require real user testing” seems to me to be applicable here. Those of us who use those builds for our regular browsing have accepted a certain risk of needing to file bugs.
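The build-channel behaviour the description asks for, as an added example that is not part of this bug or of Mozilla's sandbox code: a self-contained model of a SandboxInfo-style kernel feature probe, shown once with unconditional MOZ_CRASH-style handling and once softened so that a release build disables sandboxing (and the media-plugin sandbox that depends on it) instead of crashing. The flag names, the probe structure, the EINVAL/ENOSYS classification and the EXAMPLE_* macros are assumptions made for illustration; only the gate name MOZ_DIAGNOSTIC_ASSERT_ENABLED mirrors mfbt, and it is deliberately left undefined so the file behaves like a release build. The probe results are constructed inputs, not real syscalls, so the release path can be exercised deterministically.

```cpp
// Added example, not Mozilla's code: models "soften MOZ_CRASH() to
// MOZ_DIAGNOSTIC_ASSERT()" for a SandboxInfo-style feature probe.
// Assumption: MOZ_DIAGNOSTIC_ASSERT_ENABLED is the build knob (defined in
// debug and Nightly/Aurora-style builds); it is not defined here, so this
// compiles as a release build. All other names are illustrative.
#include <cerrno>
#include <cstdio>
#include <cstdlib>

#define EXAMPLE_CRASH(msg)                      \
  do {                                          \
    std::fprintf(stderr, "fatal: %s\n", msg);   \
    std::abort();                               \
  } while (0)

// Fatal where diagnostic asserts are enabled, a no-op in release builds.
#if defined(MOZ_DIAGNOSTIC_ASSERT_ENABLED)
#  define EXAMPLE_DIAGNOSTIC_ASSERT(cond, msg) \
    do { if (!(cond)) EXAMPLE_CRASH(msg); } while (0)
#else
#  define EXAMPLE_DIAGNOSTIC_ASSERT(cond, msg) do { (void)(cond); } while (0)
#endif

// Illustrative feature bits in the spirit of SandboxInfo flags (assumed names).
enum SandboxFlags {
  kNone            = 0,
  kHasSeccompBPF   = 1 << 0,  // seccomp-bpf filters can be installed
  kHasSeccompTSync = 1 << 1,  // filters can be synchronised across threads
};

// Return value and errno of a probing syscall, captured as data so the logic
// can be driven with constructed values instead of touching the real kernel.
struct SyscallResult {
  int rc;
  int err;
};

enum ProbeOutcome { kSupported, kUnsupported, kUnexpected };

// "supported" if the probe succeeded, "unsupported" if it failed with an errno
// that means the kernel simply lacks the feature (assumed EINVAL/ENOSYS here),
// and "unexpected" for any kernel behaviour the code did not plan for.
ProbeOutcome Classify(SyscallResult r) {
  if (r.rc == 0) return kSupported;
  if (r.err == EINVAL || r.err == ENOSYS) return kUnsupported;
  return kUnexpected;
}

// Before: an unexpected result takes the whole process down on every channel.
int ProbeFlagsCrashing(SyscallResult bpf, SyscallResult tsync) {
  int flags = kNone;
  ProbeOutcome b = Classify(bpf);
  if (b == kUnexpected) EXAMPLE_CRASH("seccomp-bpf probe: unexpected errno");
  if (b == kSupported) flags |= kHasSeccompBPF;
  ProbeOutcome t = Classify(tsync);
  if (t == kUnexpected) EXAMPLE_CRASH("TSYNC probe: unexpected errno");
  if (t == kSupported) flags |= kHasSeccompTSync;
  return flags;
}

// After: still fatal where MOZ_DIAGNOSTIC_ASSERT is enabled, but a release
// build reports "no sandboxing" and carries on. Returning kNone rather than a
// partial set is the conservative choice: a kernel that misbehaves on one
// probe should not be trusted to enforce the rest.
int ProbeFlagsSoftened(SyscallResult bpf, SyscallResult tsync) {
  ProbeOutcome b = Classify(bpf);
  EXAMPLE_DIAGNOSTIC_ASSERT(b != kUnexpected, "seccomp-bpf probe: unexpected errno");
  if (b == kUnexpected) return kNone;
  ProbeOutcome t = Classify(tsync);
  EXAMPLE_DIAGNOSTIC_ASSERT(t != kUnexpected, "TSYNC probe: unexpected errno");
  if (t == kUnexpected) return kNone;
  int flags = kNone;
  if (b == kSupported) flags |= kHasSeccompBPF;
  if (t == kSupported) flags |= kHasSeccompTSync;
  return flags;
}

// Dependent functionality (the media-plugin sandbox, in the bug's example)
// keys off the flags, so disabling sandboxing disables it too rather than
// running "sandboxed" on a kernel that cannot actually provide the sandbox.
bool CanSandboxMediaPlugins(int flags) {
  return (flags & kHasSeccompBPF) != 0;
}

int main() {
  // Constructed results: a healthy kernel, an old kernel without TSYNC, and a
  // kernel returning an errno the probe never planned for.
  SyscallResult ok{0, 0}, noTSync{-1, ENOSYS}, weird{-1, EPERM};
  int healthy = ProbeFlagsSoftened(ok, ok);
  std::printf("healthy:  flags=%d media=%d\n", healthy, CanSandboxMediaPlugins(healthy));
  std::printf("no tsync: flags=%d\n", ProbeFlagsSoftened(ok, noTSync));
  std::printf("weird:    flags=%d (sandbox disabled, no crash)\n", ProbeFlagsSoftened(weird, ok));
  // ProbeFlagsCrashing(weird, ok) would abort() here on every channel.
  return 0;
}
```

Compiling with -DMOZ_DIAGNOSTIC_ASSERT_ENABLED turns the "weird" case back into an abort, which is the Nightly/Aurora and debug behaviour the description wants to keep; without it the same input just yields an empty flag set.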
Comment 1 (Assignee) • 10 years ago
Attachment #8579138 - Flags: review?(gdestuynder)
Attachment #8579138 - Flags: review?(gdestuynder) → review+

Comment 2 (Assignee) • 10 years ago
Keywords: checkin-needed

Comment 3 • 10 years ago
Keywords: checkin-needed

Comment 4 • 10 years ago
Status: NEW → RESOLVED
Closed: 10 years ago
status-firefox39: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla39