Closed
Bug 1317735
Opened 8 years ago
Closed 7 years ago
Consolidate env vars for logging
Categories
(Core :: Security: Process Sandboxing, defect)
Tracking
()
RESOLVED
FIXED
mozilla54
Tracking | Status | |
---|---|---|
firefox54 | --- | fixed |
People
(Reporter: jimm, Assigned: handyman)
Details
(Whiteboard: sbwc2)
Attachments
(1 file)
8.49 KB,
patch
|
jimm
:
review+
|
Details | Diff | Splinter Review |
https://wiki.mozilla.org/Security/Sandbox#Activity_Logging We have a MOZ_WIN_SANDBOX_LOGGING (Windows) and a MOZ_SANDBOX_VERBOSE (Linux). OSX currently doesn't use env vars for this. We should combine these two env vars.
Reporter | ||
Updated•8 years ago
|
Whiteboard: sbwc3
Reporter | ||
Updated•7 years ago
|
Flags: needinfo?(davidp99)
Whiteboard: sbwc3 → sbwc2
Assignee | ||
Comment 1•7 years ago
|
||
I like MOZ_SANDBOX_LOG. Doing this in conjunction with bug 1306239.
Assignee: nobody → davidp99
Flags: needinfo?(davidp99)
Assignee | ||
Comment 2•7 years ago
|
||
Details: * The patch assigns the preference "security.sandbox.logging.enabled" and the environment variable MOZ_SANDBOX_LOGGING to control whether or not sandbox violations are logged. * "security.sandbox.logging.enabled" defaults to true * "security.sandbox.windows.log" was the old pref on Windows and it defaulted to false, so this is a change in behavior. * In the patch, Linux doesn't check "security.sandbox.logging.enabled". This is because SandboxInfo's static init process (and the fact that we are building a shared library that doesn't statically link to libXUL) means that checking the pref is hard. My best idea was kind of hacky and required larger-than-is-warranted changes, like making the logging test an inline method in SandboxInfo and #ifdefing it to work only when the header is included in libXUL. E.g.: SandboxInfo.h ------------- #ifdef (MOZILLA_INTERNAL_API) #include "mozilla/Preferences.h" #endif class SandboxInfo { ... inline bool ShouldLog() { #ifdef (MOZILLA_INTERNAL_API) return Test(kVerbose) || Preferences::GetBool("security.sandbox.logging.enabled"); #else return Test(kVerbose); #endif } } ...and then changing all of the places that call Test(kVerbose) to call ShouldLog(). There are 10 such spots in the linux sandbox. They are here: https://dxr.mozilla.org/mozilla-central/search?q=SandboxInfo%3A%3AkVerbose&redirect=false Of course, this would only apply the setting to places in libXUL that use it -- namely, the 4 SandboxBroker.cpp calls, but that might be better than nothing.
Assignee | ||
Comment 3•7 years ago
|
||
Tests: https://treeherder.mozilla.org/#/jobs?repo=try&revision=e6903c31615fb4b44fd60e9e2039e1a2420d4422
Assignee | ||
Updated•7 years ago
|
Attachment #8829579 -
Flags: review?(jmathies)
Reporter | ||
Comment 4•7 years ago
|
||
Comment on attachment 8829579 [details] [diff] [review] Make Pref and Env var that control sandbox violation logging platform-agnostic Review of attachment 8829579 [details] [diff] [review]: ----------------------------------------------------------------- So linux only looks at MOZ_SANDBOX_LOGGING, I guess we can live with that. You mention this in the standup this week so people know, also lets get the wiki page updated one this merges to mc.
Attachment #8829579 -
Flags: review?(jmathies) → review+
Reporter | ||
Comment 5•7 years ago
|
||
(In reply to Jim Mathies [:jimm] from comment #4) > Comment on attachment 8829579 [details] [diff] [review] > Make Pref and Env var that control sandbox violation logging > platform-agnostic > > Review of attachment 8829579 [details] [diff] [review]: > ----------------------------------------------------------------- > > So linux only looks at MOZ_SANDBOX_LOGGING, I guess we can live with that. > You mention this in the standup this week so people know, also lets get the > wiki page updated one this merges to mc. We should consider uplifting this to 52 as well to cut down on differences between versions as this rolls out.
Assignee | ||
Updated•7 years ago
|
Keywords: checkin-needed
Assignee | ||
Comment 6•7 years ago
|
||
Note that uplifting will probably also require uplifting Bug 1306239.
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/72f272108f0a Consolidate env vars for logging. r=jimm
Keywords: checkin-needed
Comment 8•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/72f272108f0a
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox54:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla54
You need to log in
before you can comment on or make changes to this bug.
Description
•