Closed Bug 1428175 Opened 6 years ago Closed 6 years ago

Disable SAB in Fennec

Categories

(Firefox for Android Graveyard :: General, enhancement)

Product:
Firefox for Android Graveyard
Component:
General
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: snorp, Assigned: keeler)

References

Details

Attachments

(3 files, 1 obsolete file)

patch
3.58 KB, patch
snorp
: review+
Details | Diff | Splinter Review
hotfix-v20180104.01.xpi
1.30 KB, application/octet-stream
Details
hotfix-v20180104.01.xpi signed
5.22 KB, application/x-xpinstall
Details 
Similar to bug 1423225, we need to disable SharedArrayBuffer in Fennec to mitigate fallout from the Meltdown and Spectre exploits.
Attached patch patchSplinter Review 
Let me know if I should also get review from anyone else.
Assignee: nobody → dkeeler
Status: NEW → ASSIGNED
Attachment #8939971 - Flags: review?(snorp)
Does this need to be a hidden bug? We've had a blog post and a security advisory and shipped 57.0.4 with this same fix. IIUI this hotfix would only be needed by folks who hadn't yet updated Fennec itself (app updates are often only enabled when connected via wifi).
Flags: needinfo?(snorp)
Keywords: sec-other
Attachment #8939971 - Flags: review?(snorp) → review+
We're ready to ship this to Fennec 55 & 56 users. Could either :gchang or :sylvestre get the hotfix process going for this when ready?
Flags: needinfo?(sledru)
Flags: needinfo?(gchang)
Ioana, could you please help with that? Thanks!
Flags: needinfo?(sledru) → needinfo?(ioana.chiorean)
I tried the hotfix on:

- Fennec Nightly 59 
-- changed in about:config the pref xpinstall.signatures.required to false 
-- allow and download the addon 
-- check in about:config the pref javascript.options.shared_memory is changed

- For Fennec 58 and 56 (and all bellow too) (as per Selena's request/commnent) 
-- you get an error message and you are not able to open the addon (with or without pref xpinstall changes)
-- after discussing with Keeler he mentioned we need a signed version for it.
Flags: needinfo?(ioana.chiorean)
Oh, I didn't realize that it was signed...

Robert, could you please sign it? Thanks (not sure if you are the right person)
Flags: needinfo?(rhelmer)
(In reply to Sylvestre Ledru [:sylvestre] from comment #8)
> Oh, I didn't realize that it was signed...
> 
> Robert, could you please sign it? Thanks (not sure if you are the right
> person)

I don't have access to sign these, but more importantly Fennec does not support system add-on updates as far as I am aware (bug 1260213)

It may still support the old Hotfix Add-on https://wiki.mozilla.org/Add-ons/Hotfix
Flags: needinfo?(rhelmer) → needinfo?(sledru)
(In reply to Robert Helmer [:rhelmer] from comment #9)
> (In reply to Sylvestre Ledru [:sylvestre] from comment #8)
> > Oh, I didn't realize that it was signed...
> > 
> > Robert, could you please sign it? Thanks (not sure if you are the right
> > person)
> 
> I don't have access to sign these, but more importantly Fennec does not
> support system add-on updates as far as I am aware (bug 1260213)
> 
> It may still support the old Hotfix Add-on
> https://wiki.mozilla.org/Add-ons/Hotfix

This is a Hotfix, and is supported by Fennec. The wiki page doesn't mention who can sign these. Do we need someone from the Add-ons team?
Flags: needinfo?(rhelmer)
Ah, I found https://wiki.mozilla.org/Add-ons/Hotfix#Deployment. Working through it.
Flags: needinfo?(rhelmer)
I'm trying to stage the hotfix on AMO, but there's a problem: legacy add-ons don't work on 57 and above unless they're signed with the cert that we use for system add-ons. I don't think we created an equivalent exception for the hotfix, so a far as I understand it, the hotfix won't install on 57.

I can force the signing in case it's worth giving it a shot.
Flags: needinfo?(sdeckelmann)
(In reply to Jorge Villalobos [:jorgev] from comment #12)
> I'm trying to stage the hotfix on AMO, but there's a problem: legacy add-ons
> don't work on 57 and above unless they're signed with the cert that we use
> for system add-ons. I don't think we created an equivalent exception for the
> hotfix, so a far as I understand it, the hotfix won't install on 57.
> 
> I can force the signing in case it's worth giving it a shot.

That's ok. We only want/need this for 55/56. 57 has the change already shipped.
Flags: needinfo?(sdeckelmann)
Hi Keeler,

Turns out that we need maxVersion should be 56.*. Can you make that change? 

Thanks!
Flags: needinfo?(dkeeler)
Ioana -- Could you please retest? We're only interested in Fennec 55/56 behavior, and that it doesn't work on 57.
Flags: needinfo?(ioana.chiorean)
Tried with Fennec 55, 55.0.2, 56
- changed in about:config the pref xpinstall.signatures.required to false 
- allow and download the addon
- addon is installed 
- check in about:config the pref javascript.options.shared_memory is changed 

All good here!
Flags: needinfo?(ioana.chiorean)
Relman team has review this and it's something we need to do. Once QA sign offs are green, we should be good to go.
Is anything else needed beyond comment #9? I can publish the hotfix as soon as we're good.
Flags: needinfo?(rkothari)
(In reply to Jorge Villalobos [:jorgev] from comment #21)
> Is anything else needed beyond comment #9? I can publish the hotfix as soon
> as we're good.

Did you mean a comment 20?
Flags: needinfo?(jorge)
I meant comment #19, since that appeared to cover QA for the staged block.
Flags: needinfo?(jorge)
(In reply to Jorge Villalobos [:jorgev] from comment #21)
> Is anything else needed beyond comment #9? I can publish the hotfix as soon
> as we're good.

IF the QA sign offs are good, please go ahead and push this hotfix out. Thanks!
Flags: needinfo?(rkothari)
One last thing: the file attached on this bug hasn't been signed. Per https://wiki.mozilla.org/Add-ons/Hotfix#Signatures, the hotfix needs a special signature in order to be automatically updated in Firefox. I don't know if this is also the case for Android.

David, do you know if Firefox for Android also checks for that signature? Wei, can you look into signing the file in comment #16?
Flags: needinfo?(wezhou)
Flags: needinfo?(dkeeler)
I'm fairly sure Firefox for Android requires hotfixes to be signed (particularly going by comment 19).
Flags: needinfo?(dkeeler)
Please see attached.
Flags: needinfo?(wezhou)
The new version of the hotfix is now live.
Flags: needinfo?(gchang)
Flags: needinfo?(snorp)
Whoops, meant to actually comment -- I think we can unhide this bug now since the fix is live and the vulns have been disclosed, etc.
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Keywords: sec-other
Resolution: --- → FIXED
Group: mozilla-employee-confidential
Group: firefox-core-security
Status: RESOLVED → VERIFIED
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: