Thumbnail content process on Windows is being sandboxed by mistake.

VERIFIED FIXED in Firefox 38

Status

()

Core
Security: Process Sandboxing
VERIFIED FIXED
3 years ago
3 years ago

People

(Reporter: bobowen, Assigned: bobowen)

Tracking

Trunk
mozilla40
Points:
---

Firefox Tracking Flags

(firefox37 wontfix, firefox38 fixed, firefox38.0.5 fixed, firefox39 fixed, firefox40 verified, firefox-esr38 verified)

Details

Attachments

(1 attachment)

(Assignee)

Description

3 years ago
I've recently realised that the thumbnail content process is being sandboxed everywhere because the content sandbox is turned on in all channels.
This is simply because at the time I made that change, I didn't realise that the content process was being used at all.
So I changed it to all channels thinking that it would roll out when e10s did.

This may well not be causing any issues for most platforms, but the WinXP 64-bit sandbox currently fails to start, so it's certainly affecting that.

I'm going to change this to Nightly only for the moment.
(Assignee)

Comment 1

3 years ago
Created attachment 8598055 [details] [diff] [review]
Only enable Windows content sandbox on Nightly because of thumbnail process.
Attachment #8598055 - Flags: review?(mh+mozilla)
Attachment #8598055 - Flags: review?(mh+mozilla) → review+

Comment 2

3 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/786d3ff3e82f
https://hg.mozilla.org/mozilla-central/rev/786d3ff3e82f
Status: ASSIGNED → RESOLVED
Last Resolved: 3 years ago
status-firefox40: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla40
(Assignee)

Updated

3 years ago
status-firefox37: --- → affected
status-firefox38: --- → affected
status-firefox38.0.5: --- → affected
status-firefox39: --- → affected
(Assignee)

Comment 4

3 years ago
Comment on attachment 8598055 [details] [diff] [review]
Only enable Windows content sandbox on Nightly because of thumbnail process.

Approval Request Comment
[Feature/regressing bug #]:
Bug 928044

[User impact if declined]:
The thumbnail content process will continue to fail to start for WinXP 64-bit users.
Also, there is a possibility that the sandbox is contributing to other crashes, but with no real benefit given the weak sandbox policy.

[Describe test coverage new/current, TreeHerder]:
This essentially falls back to the old chromium code for starting child processes, which is what was used until Fx37 and is still used for NPAPI processes.

Also I have applied this patch to a local version of Aurora and Beta and made sure that the thumbnail process starts correctly without sandboxing.

[Risks and why]:
Low - this is changing back to the Fx36 way of starting the process.

[String/UUID change made/needed]:
None
Attachment #8598055 - Flags: approval-mozilla-beta?
Attachment #8598055 - Flags: approval-mozilla-aurora?
(Assignee)

Comment 5

3 years ago
Just to be clear I think this should go to 38 and 38.05.
Comment on attachment 8598055 [details] [diff] [review]
Only enable Windows content sandbox on Nightly because of thumbnail process.

[Triage Comment]
Should be in 38 rc1
Attachment #8598055 - Flags: approval-mozilla-release+
Attachment #8598055 - Flags: approval-mozilla-beta?
Attachment #8598055 - Flags: approval-mozilla-aurora?
Attachment #8598055 - Flags: approval-mozilla-aurora+
status-firefox37: affected → wontfix
https://hg.mozilla.org/releases/mozilla-aurora/rev/ee1237e4815e
status-firefox39: affected → fixed
https://hg.mozilla.org/releases/mozilla-release/rev/742d81505cd3
status-firefox38: affected → fixed
https://hg.mozilla.org/releases/mozilla-esr38/rev/742d81505cd3
status-firefox-esr38: --- → fixed
https://hg.mozilla.org/releases/mozilla-beta/rev/742d81505cd3
status-firefox38.0.5: affected → fixed
Bob, do you have some detailed steps to verify this fix with ESR 38?
Flags: needinfo?(bobowen.code)
(Assignee)

Comment 12

3 years ago
(In reply to Florin Mezei, QA (:FlorinMezei) from comment #11)
> Bob, do you have some detailed steps to verify this fix with ESR 38?

You can trigger the thumbnail content process with these instructions:
https://blog.mozilla.org/nnethercote/2013/10/22/how-to-trigger-a-child-process-in-desktop-firefox/

If you then look at the command line of the plugin-container.exe process using Process Explorer, it should not have the "-sandbox" parameter.

If you check a child process from Nightly with e10s it will have this parameter.
Flags: needinfo?(bobowen.code)
Reproduced with Firefox 37RC under Win 7 64-bit.
With Firefox 38.0ESR "-sandbox" parameter is not displayed, while on Nightly 40.0a1 2015-05-05 it is shown. 

Marking as verified these two versions.
Status: RESOLVED → VERIFIED
status-firefox40: fixed → verified
status-firefox-esr38: fixed → verified
You need to log in before you can comment on or make changes to this bug.