Closed Bug 1378061 Opened 2 years ago Closed 2 years ago

Only set user's SID in USER_LIMITED as deny only when not using restricting SIDs.

Categories

(Core :: Security: Process Sandboxing, defect)

55 Branch
defect
Not set

Tracking

()

RESOLVED FIXED
mozilla56
Tracking Status
firefox55 + fixed
firefox56 --- fixed

People

(Reporter: bobowen, Assigned: bobowen)

References

Details

(Whiteboard: sbwc2)

Attachments

(1 file)

This change from bug 1323188 broke web audio and some other things in the restricting SIDs (normal) case.

It possibly will still break web audio when running from a network drive, but I'll pick that up in a separate bug.
Assignee: nobody → bobowencode
Status: NEW → ASSIGNED
Whiteboard: sbwc2
Attachment #8883213 - Flags: review?(jmathies) → review+
Pushed by bobowencode@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/04edb03fb817
Only set user's SID in USER_LIMITED as deny only when not using restricting SIDs. r=jimm
Duplicate of this bug: 1378706
https://hg.mozilla.org/mozilla-central/rev/04edb03fb817
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
Bob, is this something you would like to be in 55? If so, can you request uplift?
Flags: needinfo?(bobowencode)
(In reply to Liz Henry (:lizzard) (needinfo? me) from comment #5)
> Bob, is this something you would like to be in 55? If so, can you request
> uplift?

We're not using USER_LIMITED in 55, but we might need to uplift this to make another uplift clean for bug 1377555.
I'll make sure we request at the same time if we do.
Flags: needinfo?(bobowencode)
Comment on attachment 8883213 [details] [diff] [review]
Only set user's SID in USER_LIMITED as deny only when not using restricting SIDs

Approval Request Comment
[Feature/Bug causing the regression]:
Bug 1323188, also required for uplift of bugs 1377555 and 1377249

[User impact if declined]:
Bug 1377249 will not be able to be uplifted.

[Is this code covered by automated tests?]:
No

[Has the fix been verified in Nightly?]:
Verified in local build.

[Needs manual test from QE? If yes, steps to reproduce]: 
Bug 1377555 actually backs-out and re-implements this change so no.

[List of other uplifts needed for the feature/fix]:
Bug 1377555 and 1377249, should be uplifted after this.

[Is the change risky?]:
No.

[Why is the change risky/not risky?]:
This change is very simple

[String changes made/needed]:
None
Attachment #8883213 - Flags: approval-mozilla-beta?
Comment on attachment 8883213 [details] [diff] [review]
Only set user's SID in USER_LIMITED as deny only when not using restricting SIDs

this is needed for some other fixes, beta55+
Attachment #8883213 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
(In reply to Bob Owen (:bobowen) from comment #7)
> [Is this code covered by automated tests?]:
> No
> 
> [Has the fix been verified in Nightly?]:
> Verified in local build.
> 
> [Needs manual test from QE? If yes, steps to reproduce]: 
> Bug 1377555 actually backs-out and re-implements this change so no.

Setting qe-verify- based on Bob's assessment on manual testing needs.
Flags: qe-verify-
You need to log in before you can comment on or make changes to this bug.