Enable restricting SIDs in NPAPI process

RESOLVED FIXED in Firefox 64

Status

()

enhancement
P1
normal
RESOLVED FIXED
a year ago
6 months ago

People

(Reporter: handyman, Assigned: handyman)

Tracking

unspecified
mozilla64
Unspecified
Windows
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox-esr60 disabled, firefox60 disabled, firefox61 disabled, firefox62 disabled, firefox63- disabled, firefox64+ fixed)

Details

(Whiteboard: sb+)

Attachments

(1 attachment, 1 obsolete attachment)

This can land when bug 1382251 does.
(Assignee)

Updated

a year ago
Depends on: 1382251
(Assignee)

Comment 1

a year ago
Posted patch Enable SIDs in NPAPI proc (obsolete) — Splinter Review
Priority: -- → P1
Whiteboard: sb+
(Assignee)

Updated

a year ago
Attachment #8938471 - Flags: review?(bobowencode)
Attachment #8938471 - Flags: review?(bobowencode) → review+
(Assignee)

Updated

a year ago
Keywords: checkin-needed

Comment 2

a year ago
Pushed by cbrindusan@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/cafa6e286cc5
Use restricting SIDs in Windows NPAPI process r=bobowen
Keywords: checkin-needed

Comment 3

a year ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/cafa6e286cc5
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
(Assignee)

Updated

a year ago
See Also: → 1449388
(Assignee)

Updated

a year ago
See Also: → 1450773
Depends on: 1449388
See Also: 1449388
[Tracking Requested - why for this release]:
Adobe is currently testing their fix in thier beta with plans to ship it in September. We will ship our part of the fix in 64 and will likely uplift to 63. We will not ship in 62.  

Note, we shouln't count on the September release by Adobe, sometimes they pull things from release if they find issues in beta.
Not sure whether we should be reopening this or tracking re-enabling in a new bug... reopening for now (bug 1450773 made this change nightly-only).
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Target Milestone: mozilla60 → ---
(In reply to Jim Mathies [:jimm] from comment #4)
> [Tracking Requested - why for this release]:
> Adobe is currently testing their fix in thier beta with plans to ship it in
> September. We will ship our part of the fix in 64 and will likely uplift to
> 63. We will not ship in 62.  
> 
> Note, we shouln't count on the September release by Adobe, sometimes they
> pull things from release if they find issues in beta.

Update on this, Adobe shipped later, so we're now targeting uplift to 63 beta with first landing in 64.
ni?self as a reminder to set 64 tracking flag when it's available.
Flags: needinfo?(jcristau)
Flags: needinfo?(jcristau)
Depends on: 1488439
(Assignee)

Comment 8

6 months ago
Allow NPAPI sandbox to use restricting SIDs.  This hardens the plugin sandbox.
(Assignee)

Comment 9

6 months ago
Bob, I just need you to carry over the ancient r+ from Splinter.
(Assignee)

Comment 10

6 months ago
Ooh, just noticed phabricator did that automatically.  Joy.
(Assignee)

Comment 11

6 months ago
Got sidetracked by bug 1498831.  Thanks to Bob for ignoring my last comment and r+ing.  Since 1498831 looks good (no failures in the last 24 hours), I think it is (finally!) time to land this.
(Assignee)

Updated

6 months ago
Attachment #8938471 - Attachment is obsolete: true

Comment 12

6 months ago
Pushed by davidp99@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/9b976167b45a
Use restricting SIDs in Windows NPAPI process sandbox (r=bobowen)

Comment 13

6 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/9b976167b45a
Status: REOPENED → RESOLVED
Last Resolved: a year ago6 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
Depends on: 1505482
You need to log in before you can comment on or make changes to this bug.