Closed Bug 1209091 Opened 4 years ago Closed 4 years ago

Re-enable signature checking for add-ons which was accidentally disabled

Categories

(Core Graveyard :: DOM: Apps, defect, P1)

defect

Tracking

(blocking-b2g:2.5+, firefox42 unaffected, firefox43+ fixed, firefox44+ fixed, firefox-esr38 unaffected, b2g-master affected)

RESOLVED FIXED
mozilla44
blocking-b2g 2.5+
Tracking Status
firefox42 --- unaffected
firefox43 + fixed
firefox44 + fixed
firefox-esr38 --- unaffected
b2g-master --- affected

People

(Reporter: cr, Assigned: cr)

References

Details

(Keywords: regression, sec-critical, Whiteboard: [b2g-adv-main2.5-][post-critsmash-triage])

Attachments

(1 file)

https://hg.mozilla.org/mozilla-central/diff/4e5e7b50bc48/dom/apps/UserCustomizations.jsm#l1.49 accidentally disabled signature checking for add-ons by setting "AppsUtils.allowUnsignedAddons = true;". This has to go asap.
Group: mozilla-employee-confidential
Assignee: nobody → cr
Status: NEW → ASSIGNED
Attachment #8666741 - Flags: review?(fabrice)
[Blocking Requested - why for this release]:

On September 15th, a patch landed on master that accidentally introduced development code that disabled signature checking for add-ons. We can't ship anything without this critical security requirement.
blocking-b2g: --- → 2.5?
Keywords: sec-critical
Comment on attachment 8666741 [details] [diff] [review]
Disable add-on signature workaround

Review of attachment 8666741 [details] [diff] [review]:
-----------------------------------------------------------------

/me ducks
Attachment #8666741 - Flags: review?(fabrice) → review+
Blocks 2.5 with P1 as its sec-critical
blocking-b2g: 2.5? → 2.5+
Priority: -- → P1
Group: mozilla-employee-confidential → core-security
This was introduced in bug 1198970 for 43. Do we want to allow addon signing to be disabled by the user in 43 (aurora or otherwise?)  If not, then this may need uplift to aurora.
https://hg.mozilla.org/mozilla-central/rev/4b4bedf4f6bb
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla44
(In reply to Liz Henry (:lizzard) (needinfo? me) from comment #6)
> This was introduced in bug 1198970 for 43. Do we want to allow addon signing
> to be disabled by the user in 43 (aurora or otherwise?)  If not, then this
> may need uplift to aurora.

You're right, this made it into FIREFOX_AURORA_43_BASE. That code was definitely not supposed to be there. Will create a patch against 43.
Liz, I haven't worked on any uplift patch for mozilla-central so far, and the patching/landing docs are strangely useless. If I repeat the modification on top of FIREFOX_AURORA_43_BASE, hg qnew pushes the exact same patch onto the queue that is already in attachement 8666741. Seems wasteful to run all the processes again. How does uplifting work in this trivial case?
Flags: needinfo?(lhenry)
Group: core-security → core-security-release
May be a better question for the sheriffs. But, if this applies fine to aurora, I don't see why you would need to create a new patch. We can uplift the existing one. Which docs are you looking at?
Flags: needinfo?(cr)
Wes can you help out here?
Flags: needinfo?(lhenry) → needinfo?(wkocher)
Comment on attachment 8666741 [details] [diff] [review]
Disable add-on signature workaround

4b4bedf4f6bb uplifts cleanly to aurora. I'd say we just need an a+ from someone like you, Liz. :)

Approval Request Comment
[Feature/regressing bug #]: Bug 1198970 
[User impact if declined]: Unsigned addons will install when they shouldn't.
[Describe test coverage new/current, TreeHerder]:
[Risks and why]: 
[String/UUID change made/needed]: None.
Flags: needinfo?(wkocher)
Attachment #8666741 - Flags: approval-mozilla-aurora?
Comment on attachment 8666741 [details] [diff] [review]
Disable add-on signature workaround

OK to uplift to aurora. Turning addon signing back on!
Attachment #8666741 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Whiteboard: [b2g-adv-main2.5-]
Whiteboard: [b2g-adv-main2.5-] → [b2g-adv-main2.5-][post-critsmash-triage]
Group: core-security-release
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.