1171393 - Remove requirement for TEMP dir write access for Windows NPAPI process sandbox

Status: RESOLVED FIXED

(Core :: Security: Process Sandboxing, defect, P3)

Description

[Bob Owen (:bobowen)]

Write access to the Temp directory is currently needed for:
* temporary file used to turn off protected mode
* some tests write to the profile, which is in the user's temp directory

Once these are resolved I think we can get rid of TEMP directory write access (set up in PluginProcessParent.cpp).

Comment 1

[Chris Peterson [:cpeterson]]

Jim says David is looking at this bug.

Comment 2

[David Parks [:handyman]]

Attachment: bug1171393.patch

I don't know what tests were failing on 6/4/2015 but they no longer seem to be of any concern.  Something has changed in the build process that makes running those tests now a challenge.

The comment in the code mentions mochitests but, for completeness, this is a full test suite run with this patch:

https://treeherder.mozilla.org/#/jobs?repo=try&revision=dca71df8a781&selectedJob=26779007

Comment 3

[Bob Owen (:bobowen)]

Comment on attachment 8787675 [details] [diff] [review]
bug1171393.patch

Review of attachment 8787675 [details] [diff] [review]:
-----------------------------------------------------------------

I just thought, that it could be that those tests were only debug ones and we added access to temp for debug builds for leak testing.

Either way looks like this can go now, which is great.

Comment 4

[Pulsebot]

Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/22990bbee8a8
Remove sandbox write access to temp directory which was opened for tests. r=bobowen

Comment 5

[Phil Ringnalda (:philor)]

https://hg.mozilla.org/mozilla-central/rev/22990bbee8a8