Closed
Bug 1322024
Opened 8 years ago
Closed 7 years ago
Remove com.apple.windowserver.active from the content process Mac sandbox
Categories
(Core :: Security: Process Sandboxing, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla57
| Tracking | Status | |
|---|---|---|
| firefox57 | --- | fixed |
People
(Reporter: haik, Assigned: haik)
References
Details
(Whiteboard: sb+)
Attachments
(1 file)
Removing access to com.apple.windowserver.active exposes performance regressions on Talos tests "damp opt e10s" (~10%) and "tps opt e10s" (~20%). This bug is to cover investigating why this is happening and then remove windowserver.active without performance issues. Allowing access to windowserver.active might allow a compromised content process to draw to the screen and it's one more API we'd rather not expose to content if we don't have to.
|
Assignee | |
Updated•8 years ago
|
Whiteboard: sbmc3
|
||
Updated•8 years ago
|
status-firefox53:
affected → ---
|
||
Updated•7 years ago
|
|
|
||
Comment 1•7 years ago
|
||
The set of regressions here sound like they're on the same benchmarks as were improved by disabling logging (bug 1383841). We should trigger a talos run and see if removing windserver.active still has any performance impact.
|
|
Assignee | |
Comment 2•7 years ago
|
||
I'll re-do the talos tests. Gabor also mentioned that those regressing tests have been changed since this was last run. I pushed a try run on the 24th and hit a handful of test failures which I didn't get to look into yet. They look mostly unrelated, but I'll retry and see where things are today.
https://treeherder.mozilla.org/#/jobs?repo=try&revision=6917c33c25b23218fb4efe71a690917b2df4a131
Assignee: nobody → haftandilian
Priority: -- → P1
Target Milestone: --- → mozilla57
|
|
||
Updated•7 years ago
|
Whiteboard: sbmc3 → sb+
|
|
Assignee | |
Comment 3•7 years ago
|
||
|
|
Assignee | |
Comment 4•7 years ago
|
||
(In reply to Haik Aftandilian [:haik] from comment #3)
> https://treeherder.mozilla.org/perf.html#/
> comparechooser?newProject=try&newRevision=04d7f75bcc600dc113ecf4e10ea1678f4be
> e134d
The largest delta is "damp opt e10s" being 10.47% worse, although it isn't included when selecting "Show only important changes
Non-trivial changes (2%+)". No other results look significant. I will run this by someone with more experience interpreting talos results.
|
|
Assignee | |
Comment 5•7 years ago
|
||
(In reply to Haik Aftandilian [:haik] from comment #4)
> (In reply to Haik Aftandilian [:haik] from comment #3)
> > https://treeherder.mozilla.org/perf.html#/
> > comparechooser?newProject=try&newRevision=04d7f75bcc600dc113ecf4e10ea1678f4be
> > e134d
>
> The largest delta is "damp opt e10s" being 10.47% worse, although it isn't
> included when selecting "Show only important changes
> Non-trivial changes (2%+)". No other results look significant. I will run
> this by someone with more experience interpreting talos results.
After adding more repeats to the try run, none of the perf differences are significant.
Local tests and try results haven't turned up any issues with removing windowserver.active so I'm moving forward with this fix.
| Comment hidden (mozreview-request) |
|
|
||
Comment 7•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8894626 [details]
Bug 1322024 - [Mac] Remove com.apple.windowserver.active access from the content sandbox.
https://reviewboard.mozilla.org/r/165780/#review170884
Attachment #8894626 -
Flags: review?(agaynor) → review+
Pushed by haftandilian@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/da3110f2da8b
[Mac] Remove com.apple.windowserver.active access from the content sandbox. r=Alex_Gaynor
|
||
Comment 9•7 years ago
|
||
| bugherder | ||
You need to log in
before you can comment on or make changes to this bug.
Description
•