Closed Bug 1353040 Opened 6 years ago Closed 6 years ago

Switch from using string interpolation with sandbox_init to sandbox_init_with_parameters

Categories

(Core :: Security: Process Sandboxing, enhancement)

Unspecified
macOS
enhancement
Not set
normal

Tracking

RESOLVED FIXED
mozilla55
Tracking Status
firefox55 --- fixed

People

(Reporter: Alex_Gaynor, Assigned: Alex_Gaynor)

Details

Attachments

(1 file)

Using sandbox_init_with_parameters will save us from some of the slightly messy interpolation.

It does not appear to be documented (but then, basically none of the sandbox infrastructure is!), however both Chrome and WebKit appear to use it, so I think it's safe.
Attachment #8854077 - Flags: review?(haftandilian)
Assignee: nobody → agaynor
Comment on attachment 8854077 [details]
Bug 1353040 - Switch from sandbox_init to sandbox_init_with_parameters

https://reviewboard.mozilla.org/r/126060/#review128668

r+ For the approach because named parameters are less error-prone. Please add some support to make printing the policy for debugging straightforward. I think printing the params vector followed by the policy would be sufficient. No need to do string interpolation. And then re-request review. Thanks.

One concern I mentioned on IRC was that with sandbox_init_with_parameters, we don't get to see the final policy string before passing it off to the OS, i.e., we don't get to see exactly how the argument strings are interpolated into the policy.
Attachment #8854077 - Flags: review?(haftandilian) → review+
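
The debugging aid requested in the review above (print the params vector, then the policy), sketched as an added example that is not the patch from this bug or Firefox code. It also lists `(param "NAME")` references that the vector never sets, since the final interpolated policy is not visible to the caller. The function names, sample paths and the flat name/value layout of the vector are assumptions, and sandbox_init_with_parameters itself is not called.

```cpp
// Added example, not Firefox code. Params are alternating names and values.
#include <cstdio>
#include <set>
#include <string>
#include <vector>

using Params = std::vector<std::string>;

// Constructed sample policy and parameters (hypothetical names and paths).
const char kSamplePolicy[] =
    "(version 1)\n"
    "(deny default)\n"
    "(allow file-read* (subpath (param \"APP_DIR\")))\n"
    "(allow file-read* (literal (param \"PROFILE_DIR\")))\n";
const Params kSampleParams = {"APP_DIR", "/Applications/Example.app"};

// Debug text: the name/value pairs first, then the policy exactly as passed.
std::string DescribePolicy(const Params& params, const std::string& policy) {
  std::string out = "Sandbox params:\n";
  for (size_t i = 0; i + 1 < params.size(); i += 2)
    out += "  " + params[i] + " = " + params[i + 1] + "\n";
  if (params.size() % 2 != 0)
    out += "  (name without a value: " + params.back() + ")\n";
  return out + "Sandbox policy:\n" + policy;
}

// Names the policy references as (param "NAME") that the vector never sets.
std::vector<std::string> MissingParams(const Params& params,
                                       const std::string& policy) {
  std::set<std::string> names;
  for (size_t i = 0; i + 1 < params.size(); i += 2) names.insert(params[i]);
  std::vector<std::string> missing;
  const std::string marker = "(param \"";
  for (size_t pos = policy.find(marker); pos != std::string::npos;
       pos = policy.find(marker, pos + 1)) {
    size_t start = pos + marker.size();
    size_t end = policy.find('"', start);
    if (end == std::string::npos) break;  // unterminated name: stop scanning
    std::string name = policy.substr(start, end - start);
    if (!names.count(name)) missing.push_back(name);
  }
  return missing;
}

int main() {
  std::fputs(DescribePolicy(kSampleParams, kSamplePolicy).c_str(), stderr);
  for (const auto& name : MissingParams(kSampleParams, kSamplePolicy))
    std::fprintf(stderr, "unset sandbox parameter: %s\n", name.c_str());
}
```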
Comment on attachment 8854077 [details]
Bug 1353040 - Switch from sandbox_init to sandbox_init_with_parameters

https://reviewboard.mozilla.org/r/126060/#review128996
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/07cf34197c32
Switch from sandbox_init to sandbox_init_with_parameters. r=haik
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/07cf34197c32
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla55