Closed
Bug 1185532
Opened 10 years ago
Closed 10 years ago
Turn on the NPAPI process sandbox for Windows 64-bit by default.
Categories
(Core :: Security: Process Sandboxing, enhancement)
Tracking
()
RESOLVED
FIXED
mozilla43
People
(Reporter: bobowen, Assigned: bobowen)
References
Details
Attachments
(1 file)
|
40 bytes,
text/x-review-board-request
|
benjamin
:
review+
Sylvestre
:
approval-mozilla-aurora+
ritu
:
approval-mozilla-beta+
|
Details |
We want to set the default NPAPI sandbox to 2 and also prevent that from being dropped through the pref.
Instead of bug 1171397, I think that hard coding into the policy set-up function will be better.
So, pref values that lower the sandbox level will only be allowed if MOZ_ALLOW_WEAKER_SANDBOX env var is set.
This way it doesn't increase the attack surface, as we already have the MOZ_DISABLE_NPAPI_SANDBOX env var.
|
Assignee | |
Comment 1•10 years ago
|
||
Bug 1185532: Turn on the NPAPI process sandbox for Windows 64-bit by default. r?bsmedberg
Attachment #8647445 -
Flags: review?(benjamin)
|
|
Assignee | |
Comment 2•10 years ago
|
||
The only remaining bug, that I know of, is for Key.isDown on old ActionScript 1 and 2 games.
It has already been agreed that we can turn on for 64-bit without that being fixed.
|
|
Assignee | |
Comment 3•10 years ago
|
||
|
||
Comment 4•10 years ago
|
||
https://reviewboard.mozilla.org/r/15991/#review14775
::: browser/app/profile/firefox.js:1195
(Diff revision 1)
> +#if defined(_AMD64_)
Does this actually work? Since this uses the Python preprocessor I wouldn't expect us to have an _AMD64_ define, and I don't see this in the tree.
I see HAVE_64BIT_BUILD though...
|
|
Assignee | |
Comment 5•10 years ago
|
||
(In reply to Benjamin Smedberg [:bsmedberg] from comment #4)
> https://reviewboard.mozilla.org/r/15991/#review14775
>
> ::: browser/app/profile/firefox.js:1195
> (Diff revision 1)
> > +#if defined(_AMD64_)
>
> Does this actually work? Since this uses the Python preprocessor I wouldn't
> expect us to have an _AMD64_ define, and I don't see this in the tree.
>
> I see HAVE_64BIT_BUILD though...
It certainly appears to work and I was just keeping it consistent with the other changes, which also use this.
I thought that this was being defined here:
https://dxr.mozilla.org/mozilla-central/rev/d5cf4e7900df6b2351bf3677b49fb70bedf68b99/configure.in#2398
But to be honest, I don't understand the different types of preprocessors that are used or what is available to them.
|
|
||
Comment 6•10 years ago
|
||
Comment on attachment 8647445 [details]
MozReview Request: Bug 1185532: Turn on the NPAPI process sandbox for Windows 64-bit by default. r?bsmedberg
https://reviewboard.mozilla.org/r/15993/#review14827
Ship It!
Attachment #8647445 -
Flags: review?(benjamin) → review+
|
|
Assignee | |
Comment 7•10 years ago
|
||
url: https://hg.mozilla.org/integration/mozilla-inbound/rev/5d168ed7999b8f4c3472a822eddafd2b630870a5
changeset: 5d168ed7999b8f4c3472a822eddafd2b630870a5
user: Bob Owen <bobowencode@gmail.com>
date: Thu Aug 20 12:45:09 2015 +0100
description:
Bug 1185532: Turn on the NPAPI process sandbox for Windows 64-bit flash by default. r=bsmedberg
|
|
Assignee | |
Comment 8•10 years ago
|
||
Just realised at the last moment that I was hard coding the sandbox level to 2 for all NPAPI processes, so I changed that to just be for flash, as per the pref.
I know this is a bit academic as we're not allowing anything but flash at 64-bit, but did it just to save possible confusion later.
|
||
Comment 9•10 years ago
|
||
Bob, does this change need to be uplifted to Beta 41?
status-firefox40:
--- → wontfix
status-firefox41:
--- → affected
status-firefox42:
--- → affected
status-firefox43:
--- → fixed
Flags: needinfo?(bobowen.code)
|
|
Assignee | |
Comment 10•10 years ago
|
||
(In reply to Chris Peterson [:cpeterson] from comment #9)
> Bob, does this change need to be uplifted to Beta 41?
Yes, I was going to request tomorrow, but I'm unsure as to how people would like to time it.
It might be a good idea to give a bit of time in Nightly and then Aurora, before Beta.
What do you think?
Flags: needinfo?(bobowen.code)
|
|
||
Comment 11•10 years ago
|
||
Bob and I talked on IRC. Let's give this a day or two on 64-bit Nightly. Bob will be on PTO for the next two weeks, so I'll request uplift to Aurora and Beta.
Flags: needinfo?(cpeterson)
|
||
Comment 12•10 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla43
|
|
||
Comment 13•10 years ago
|
||
[Tracking Requested - why for this release]:
This bug caused hang bug 1197943 when trying to watch Amazon Instant Video using 64-bit Flash.
tracking-firefox43:
--- → ?
Flags: needinfo?(cpeterson)
|
|
||
Comment 14•10 years ago
|
||
Comment on attachment 8647445 [details]
MozReview Request: Bug 1185532: Turn on the NPAPI process sandbox for Windows 64-bit by default. r?bsmedberg
Approval Request Comment
[Feature/regressing bug #]: N/A
[User impact if declined]: 64-bit Flash does not have its own sandbox (Adobe's Flash Protected Mode), so 64-bit Firefox users are currently running an unsandboxed Flash unless we uplift this patch.
[Describe test coverage new/current, TreeHerder]: This patch has been on Nightly 43 for three days.
[Risks and why]: Known plugin hang when playing Amazon Instant video (bug 1197943) or BBC video (bug 1197940), but Firefox is able to kill the plugin and recover (when e10s is disabled). If e10s is enabled, then the plugin hang can sometimes hang the browser too (bug 1198368), but e10s is not enabled in Beta 41.
Even with these known regressions, blassey and bsmedberg think we should uplift this patch to determine how widespread the problem might be. The sandbox regressions only affect 64-bit Firefox users. We won't ship 64-bit Firefox until the sandbox works, so we won't be shipping 64-bit with Firefox 41 anyways.
[String/UUID change made/needed]: None.
Attachment #8647445 -
Flags: approval-mozilla-beta?
Attachment #8647445 -
Flags: approval-mozilla-aurora?
|
||
Comment 15•10 years ago
|
||
Comment on attachment 8647445 [details]
MozReview Request: Bug 1185532: Turn on the NPAPI process sandbox for Windows 64-bit by default. r?bsmedberg
Ritu will make the call for beta. I am happy to take it for aurora as Windows 64 is not officially supported and we need to improve the situation before going public.
Attachment #8647445 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
|
||
Comment 16•10 years ago
|
||
|
||
Comment 17•10 years ago
|
||
Chris, given that FF41 is not supported on 64-bit windows and e10s is disabled by default, do you still believe uplifting this to FF41 will be useful?
Flags: needinfo?(cpeterson)
|
|
||
Comment 18•10 years ago
|
||
(In reply to Ritu Kothari (:ritu) from comment #17)
> Chris, given that FF41 is not supported on 64-bit windows and e10s is
> disabled by default, do you still believe uplifting this to FF41 will be
> useful?
I think it is still useful. We do generate 64-bit builds of FF41 in the Beta channel; we just don't plan to release them for the 41 Release channel.
This plugin sandbox patch does not require e10s. Firefox has a separate plugin process even when not using e10s.
Flags: needinfo?(cpeterson)
|
|
||
Comment 19•10 years ago
|
||
Comment on attachment 8647445 [details]
MozReview Request: Bug 1185532: Turn on the NPAPI process sandbox for Windows 64-bit by default. r?bsmedberg
FF41 does not officially support windows 64-bit version. With this uplift, 64-bit users will now get a sandboxed version of Flash on FF41. It seems safe to uplift to Beta41 if this helps fix issues for 64-bit users while having no negative impact on the remainder of our end-users.
Attachment #8647445 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
|
||
Comment 21•10 years ago
|
||
Keywords: checkin-needed
|
||
Comment 22•10 years ago
|
||
(In reply to Chris Peterson [:cpeterson] from comment #18)
> I think it is still useful. We do generate 64-bit builds of FF41 in the Beta
> channel; we just don't plan to release them for the 41 Release channel.
Bug 1181014 seems to indicate that we do (or did at some point) in fact want to release 64-bit builds for Firefox 41 to the Release channel. Is bug 1181014 out of date now? Chris, the bug is in contradiction with your comments, could you please clarify?
Flags: needinfo?(cpeterson)
|
|
||
Comment 23•10 years ago
|
||
Florin, thanks for asking! I believe bug 1181014 is out of date, but I will follow up with Javaun in that bug.
Flags: needinfo?(cpeterson)
|
||
Comment 24•10 years ago
|
||
Tracking to keep this on our radar if it reopens.
|
||
Comment 25•10 years ago
|
||
This may be causing bug 1201438.
|
||
Comment 26•10 years ago
|
||
in this bug : https://bugzilla.mozilla.org/show_bug.cgi?id=1181014#c24
a member of Mozilla told us that Firefox 64-bit for windows will be release in a stable version 42 (not beta).
But if there's no flash sandboxing, will this be really a stable version? it will be like a beta version instead.
What do you think about that?
|
|
||
Comment 27•10 years ago
|
||
(In reply to Julien from comment #26)
> in this bug : https://bugzilla.mozilla.org/show_bug.cgi?id=1181014#c24
> a member of Mozilla told us that Firefox 64-bit for windows will be release
> in a stable version 42 (not beta).
> But if there's no flash sandboxing, will this be really a stable version? it
> will be like a beta version instead.
Flash sandboxing is currently on by default in 64-bit Firefox 42 (Beta channel) and has been on since 64-bit Firefox 41 (comment 21 in this bug).
|
|
||
Comment 28•10 years ago
|
||
(In reply to Chris Peterson [:cpeterson] from comment #27)
>> Flash sandboxing is currently on by default in 64-bit Firefox 42 (Beta
> channel) and has been on since 64-bit Firefox 41 (comment 21 in this bug).
I made a try with firefox 42 beta x64 for windows and I didn't have the 2 Adobe Flash player processus in memory, like with the 32 bit version of firefox.
So I thought there was no sandboxing.
Does it simply mean there is no protected mode?
What are those 2 Flash processus in 32 bit version?
Will they be implemented in the future of Firefox x64?
thanks in advance.
|
|
||
Comment 29•10 years ago
|
||
(In reply to Julien from comment #28)
> I made a try with firefox 42 beta x64 for windows and I didn't have the 2
> Adobe Flash player processus in memory, like with the 32 bit version of
> firefox.
> So I thought there was no sandboxing.
>
> Does it simply mean there is no protected mode?
> What are those 2 Flash processus in 32 bit version?
> Will they be implemented in the future of Firefox x64?
"Protected Mode" is Adobe's Flash sandbox, but it is only available for 32-bit Firefox on Windows. "NPAPI sandbox" is Mozilla's plugin sandbox (this bug) and is currently enabled for 64-bit Firefox (on 64-bit Windows). There are no plans to port Adobe's Protected Mode to 64-bit Firefox because we have the NPAPI sandbox.
You need to log in
before you can comment on or make changes to this bug.
Description
•