Enable restricting SIDs in NPAPI process

RESOLVED FIXED in Firefox 64

Status

()

enhancement
P1
normal
RESOLVED FIXED
2 years ago
7 months ago

People

(Reporter: handyman, Assigned: handyman)

Tracking

unspecified
mozilla64
Unspecified
Windows
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox-esr60 disabled, firefox60 disabled, firefox61 disabled, firefox62 disabled, firefox63- disabled, firefox64+ fixed)

Details

(Whiteboard: sb+)

Attachments

(1 attachment, 1 obsolete attachment)

This can land when bug 1382251 does.
Assignee

Updated

2 years ago
Depends on: 1382251
Posted patch Enable SIDs in NPAPI proc (obsolete) — Splinter Review
Priority: -- → P1
Whiteboard: sb+
Assignee

Updated

2 years ago
Attachment #8938471 - Flags: review?(bobowencode)

Updated

2 years ago
Attachment #8938471 - Flags: review?(bobowencode) → review+

Comment 2

Last year
Pushed by cbrindusan@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/cafa6e286cc5
Use restricting SIDs in Windows NPAPI process r=bobowen
Keywords: checkin-needed

Comment 3

Last year
bugherder
https://hg.mozilla.org/mozilla-central/rev/cafa6e286cc5
Status: NEW → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
See Also: → 1449388
See Also: → 1450773
Depends on: 1449388
See Also: 1449388

Comment 4

10 months ago
[Tracking Requested - why for this release]:
Adobe is currently testing their fix in thier beta with plans to ship it in September. We will ship our part of the fix in 64 and will likely uplift to 63. We will not ship in 62.  

Note, we shouln't count on the September release by Adobe, sometimes they pull things from release if they find issues in beta.
Not sure whether we should be reopening this or tracking re-enabling in a new bug... reopening for now (bug 1450773 made this change nightly-only).
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Target Milestone: mozilla60 → ---

Comment 6

10 months ago
(In reply to Jim Mathies [:jimm] from comment #4)
> [Tracking Requested - why for this release]:
> Adobe is currently testing their fix in thier beta with plans to ship it in
> September. We will ship our part of the fix in 64 and will likely uplift to
> 63. We will not ship in 62.  
> 
> Note, we shouln't count on the September release by Adobe, sometimes they
> pull things from release if they find issues in beta.

Update on this, Adobe shipped later, so we're now targeting uplift to 63 beta with first landing in 64.
ni?self as a reminder to set 64 tracking flag when it's available.
Flags: needinfo?(jcristau)
Flags: needinfo?(jcristau)
Depends on: 1488439
Assignee

Comment 8

8 months ago
Allow NPAPI sandbox to use restricting SIDs.  This hardens the plugin sandbox.
Assignee

Comment 9

8 months ago
Bob, I just need you to carry over the ancient r+ from Splinter.
Ooh, just noticed phabricator did that automatically.  Joy.
Got sidetracked by bug 1498831.  Thanks to Bob for ignoring my last comment and r+ing.  Since 1498831 looks good (no failures in the last 24 hours), I think it is (finally!) time to land this.
Assignee

Updated

8 months ago
Attachment #8938471 - Attachment is obsolete: true

Comment 12

8 months ago
Pushed by davidp99@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/9b976167b45a
Use restricting SIDs in Windows NPAPI process sandbox (r=bobowen)

Comment 13

8 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/9b976167b45a
Status: REOPENED → RESOLVED
Closed: Last year8 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
Depends on: 1505482
You need to log in before you can comment on or make changes to this bug.