Closed Bug 1426733 Opened 7 years ago Closed 7 years ago

Enable restricting SIDs in NPAPI process

Categories

(Core :: Security: Process Sandboxing, enhancement, P1)

Product:
Core
Component:
Security: Process Sandboxing
Platform:
Unspecified
Windows
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla64
Tracking Flags:
Tracking Status
firefox-esr60 --- disabled
firefox60 --- disabled
firefox61 --- disabled
firefox62 --- disabled
firefox63 - disabled
firefox64 + fixed

People

(Reporter: handyman, Assigned: handyman)

References

Details

(Whiteboard: sb+)

Attachments

(1 file, 1 obsolete file)

Bug 1426733: Use restricting SIDs in Windows NPAPI process sandbox (r?bobowen)
46 bytes, text/x-phabricator-request
Details | Review
This can land when bug 1382251 does.
Depends on: 1382251
Attached patch Enable SIDs in NPAPI proc (obsolete) — Splinter Review
Priority: -- → P1
Whiteboard: sb+
Attachment #8938471 - Flags: review?(bobowencode)
Attachment #8938471 - Flags: review?(bobowencode) → review+
Keywords: checkin-needed
Pushed by cbrindusan@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/cafa6e286cc5 Use restricting SIDs in Windows NPAPI process r=bobowen
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/cafa6e286cc5
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox60: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
See Also: → 1449388
See Also: → 1450773
Depends on: 1449388
See Also: 1449388
[Tracking Requested - why for this release]: Adobe is currently testing their fix in thier beta with plans to ship it in September. We will ship our part of the fix in 64 and will likely uplift to 63. We will not ship in 62. Note, we shouln't count on the September release by Adobe, sometimes they pull things from release if they find issues in beta.
tracking-firefox62: + → ---
tracking-firefox63: --- → ?
Not sure whether we should be reopening this or tracking re-enabling in a new bug... reopening for now (bug 1450773 made this change nightly-only).
Status: RESOLVED → REOPENED
status-firefox60: wontfixdisabled
status-firefox61: wontfixdisabled
status-firefox62: wontfixdisabled
status-firefox-esr60: --- → disabled
Resolution: FIXED → ---
Target Milestone: mozilla60 → ---
(In reply to Jim Mathies [:jimm] from comment #4) > [Tracking Requested - why for this release]: > Adobe is currently testing their fix in thier beta with plans to ship it in > September. We will ship our part of the fix in 64 and will likely uplift to > 63. We will not ship in 62. > > Note, we shouln't count on the September release by Adobe, sometimes they > pull things from release if they find issues in beta. Update on this, Adobe shipped later, so we're now targeting uplift to 63 beta with first landing in 64.
ni?self as a reminder to set 64 tracking flag when it's available.
status-firefox63: affecteddisabled
tracking-firefox63: +-
Flags: needinfo?(jcristau)
status-firefox64: --- → affected
tracking-firefox64: --- → +
Flags: needinfo?(jcristau)
Depends on: 1488439
Allow NPAPI sandbox to use restricting SIDs. This hardens the plugin sandbox.
Bob, I just need you to carry over the ancient r+ from Splinter.
Ooh, just noticed phabricator did that automatically. Joy.
Got sidetracked by bug 1498831. Thanks to Bob for ignoring my last comment and r+ing. Since 1498831 looks good (no failures in the last 24 hours), I think it is (finally!) time to land this.
Attachment #8938471 - Attachment is obsolete: true
Pushed by davidp99@gmail.com: https://hg.mozilla.org/integration/autoland/rev/9b976167b45a Use restricting SIDs in Windows NPAPI process sandbox (r=bobowen)
https://hg.mozilla.org/mozilla-central/rev/9b976167b45a
Status: REOPENED → RESOLVED
Closed: 7 years ago7 years ago
status-firefox64: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
Depends on: 1505482
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: