Closed Bug 1426733 Opened 3 years ago Closed 2 years ago

Enable restricting SIDs in NPAPI process

Categories

(Core :: Security: Process Sandboxing, enhancement, P1)

Unspecified
Windows
enhancement

Tracking

()

RESOLVED FIXED
mozilla64
Tracking Status
firefox-esr60 --- disabled
firefox60 --- disabled
firefox61 --- disabled
firefox62 --- disabled
firefox63 - disabled
firefox64 + fixed

People

(Reporter: handyman, Assigned: handyman)

References

Details

(Whiteboard: sb+)

Attachments

(1 file, 1 obsolete file)

This can land when bug 1382251 does.
Depends on: 1382251
Priority: -- → P1
Whiteboard: sb+
Attachment #8938471 - Flags: review?(bobowencode)
Attachment #8938471 - Flags: review?(bobowencode) → review+
Pushed by cbrindusan@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/cafa6e286cc5
Use restricting SIDs in Windows NPAPI process r=bobowen
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/cafa6e286cc5
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
See Also: → 1449388
See Also: → 1450773
Depends on: 1449388
See Also: 1449388
[Tracking Requested - why for this release]:
Adobe is currently testing their fix in thier beta with plans to ship it in September. We will ship our part of the fix in 64 and will likely uplift to 63. We will not ship in 62.  

Note, we shouln't count on the September release by Adobe, sometimes they pull things from release if they find issues in beta.
Not sure whether we should be reopening this or tracking re-enabling in a new bug... reopening for now (bug 1450773 made this change nightly-only).
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Target Milestone: mozilla60 → ---
(In reply to Jim Mathies [:jimm] from comment #4)
> [Tracking Requested - why for this release]:
> Adobe is currently testing their fix in thier beta with plans to ship it in
> September. We will ship our part of the fix in 64 and will likely uplift to
> 63. We will not ship in 62.  
> 
> Note, we shouln't count on the September release by Adobe, sometimes they
> pull things from release if they find issues in beta.

Update on this, Adobe shipped later, so we're now targeting uplift to 63 beta with first landing in 64.
ni?self as a reminder to set 64 tracking flag when it's available.
Flags: needinfo?(jcristau)
Flags: needinfo?(jcristau)
Depends on: 1488439
Allow NPAPI sandbox to use restricting SIDs.  This hardens the plugin sandbox.
Bob, I just need you to carry over the ancient r+ from Splinter.
Ooh, just noticed phabricator did that automatically.  Joy.
Got sidetracked by bug 1498831.  Thanks to Bob for ignoring my last comment and r+ing.  Since 1498831 looks good (no failures in the last 24 hours), I think it is (finally!) time to land this.
Attachment #8938471 - Attachment is obsolete: true
Pushed by davidp99@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/9b976167b45a
Use restricting SIDs in Windows NPAPI process sandbox (r=bobowen)
https://hg.mozilla.org/mozilla-central/rev/9b976167b45a
Status: REOPENED → RESOLVED
Closed: 2 years ago2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
Depends on: 1505482
You need to log in before you can comment on or make changes to this bug.