Closed Bug 1337162 Opened 3 years ago Closed 3 years ago

Let Linux content process sandbox ride the trains

Categories

(Core :: Security: Process Sandboxing, defect)

Unspecified
Linux
defect
Not set

Tracking

RESOLVED FIXED
mozilla54
Tracking Status
firefox53 --- affected
firefox54 --- fixed

People

(Reporter: jld, Unassigned)

Details

(Whiteboard: sblc2)

Attachments

(1 file)

The actual patch for getting Linux content process sandboxing turned on on non-nightly builds will be tiny, but this bug is also for collecting anything we'll definitely need uplifted in order to jump on the 53 train.
Depends on: 1330326, 1335323
Whiteboard: sblc2
Needs to be uplifted as well.
Depends on: 1329216
Comment on attachment 8841061 [details]
Bug 1337162 - Enable the Linux content sandbox for non-Nightly builds.

https://reviewboard.mozilla.org/r/115408/#review117132

::: old-configure.in:3740
(Diff revision 1)
>  dnl ========================================================
>  if test -n "$gonkdir"; then
>      MOZ_CONTENT_SANDBOX=$MOZ_SANDBOX
>  fi
>  
>  case "$OS_TARGET:$NIGHTLY_BUILD" in
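Review bot: the `case "$OS_TARGET:$NIGHTLY_BUILD" in` line at the end of this context keys the content-sandbox default on the Nightly flag, and nothing in the visible lines documents which targets are meant to get `MOZ_CONTENT_SANDBOX` on every channel. Because this default is security-relevant, add a short `dnl` comment above the `case` stating the per-platform intent, so that a later edit to the arms cannot silently turn the sandbox off for release builds.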

As a follow-up you could just remove the `$NIGHTLY_BUILD` bit entirely. Although the better patch would be to move all of this logic to moz.configure.
Attachment #8841061 - Flags: review+
Comment on attachment 8841061 [details]
Bug 1337162 - Enable the Linux content sandbox for non-Nightly builds.

https://reviewboard.mozilla.org/r/115408/#review117138
Attachment #8841061 - Flags: review+
Pushed by gpascutto@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3289df5bebeb
Enable the Linux content sandbox for non-Nightly builds. r=ted
Comment on attachment 8841061 [details]
Bug 1337162 - Enable the Linux content sandbox for non-Nightly builds.

Approval Request Comment
[Feature/Bug causing the regression]: Enables syscall+write sandboxing for Linux.
[User impact if declined]: Less secure browser.
[Is this code covered by automated tests?]: Yes, there are some to check whether the policies are effective, and all other, normal tests run "inside" the sandbox.
[Has the fix been verified in Nightly?]: Core code has been in Nightly since October.
[List of other uplifts needed for the feature/fix]: Bug 1286865, Bug 1329216, Bug 1330326, Bug 1335323, Bug 1335329 
[Is the change risky?]: Moderately.
[Why is the change risky/not risky?]: 
Although it has been tested in Nightly for months, the main thing that interacts with the Sandbox and could cause problems for us is third-party libraries that are being loaded into Firefox. Differences in user population between Beta/Release and Nightly will mean that we might see new compatibility issues. I suspect this is less of an issue on Aurora (which is probably closer to Nightly), but it will be a bigger one when moving to Beta (one more reason to want this on beta sooner rather than later!). Two of the bugs that need uplift together with this one add a fine-grained exception mechanism that we can use to open holes in the sandbox via preferences, if this turns out to be needed. Another bug adds Telemetry reporting for issues Firefox detects in the field. We believe that with the combination of the two, we can measure the impact and if needed quickly respond and fix issues in Aurora/Beta via preference updates rather than full patches.
Attachment #8841061 - Flags: review?(mh+mozilla) → approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/3289df5bebeb
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla54
Comment on attachment 8841061 [details]
Bug 1337162 - Enable the Linux content sandbox for non-Nightly builds.

This is a huge patch according to the [List of other uplifts needed for the feature/fix]. We only have less than 1 week to Beta53. This seems too risky to me to uplift these patches to 53. Aurora53-. We can let this ride the train on 54.
Attachment #8841061 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora-
I can speak for Bug 1329216, which is already uplifted. But don't know if that changes anything.
Depends on: 1344106