Closed Bug 1452090 Opened 2 years ago Closed 2 years ago

Only enable handle verifier on 32-bit Nightly and debug builds

Categories

(Core :: Security: Process Sandboxing, enhancement, P1)

All
Windows
enhancement

Tracking

RESOLVED FIXED
mozilla61
Tracking Status
firefox-esr60 --- fixed
firefox61 --- fixed

People

(Reporter: bobowen, Assigned: bobowen)

Attachments

(1 file)

Chromium only currently enables this on x86 Canary, developer and debug builds.

This also adds hooks similar to Chromium to monitor handle closing for non-verifier tracked handles, to catch where problems exist in other code.

We might want to turn this on for Beta at some point as our Nightly Win32 coverage is pretty poor.

I'm also adding an environment variable MOZ_ENABLE_HANDLE_VERIFIER, so it can be turned on for any build, which might prove useful.
This also adds the ability to enable it using the environment variable
MOZ_ENABLE_HANDLE_VERIFIER.
Attachment #8965701 - Flags: review?(jmathies)
Attachment #8965701 - Flags: review?(jmathies) → review+
Pushed by bobowencode@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/d0c0f90a710d
Only enable handle verifier on 32-bit Nightly and debug builds. r=jimm
https://hg.mozilla.org/mozilla-central/rev/d0c0f90a710d
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla61
Blocks: 1453639
Comment on attachment 8965701
Only enable handle verifier on 32-bit Nightly and debug builds

[Approval Request Comment]
If this is not a sec:{high,crit} bug, please state case for ESR consideration:
The ActiveVerifier has caused a couple of different crashes.
Chrome don't have it turned on in Release for this reason and I've just realised that my patch to turn it off missed ESR.

User impact if declined:
Crashes associated with the ActiveVerifier will still occur and there is possibly some performance impact as well.

Fix Landed on Version:
Fx61

Risk to taking this patch (and alternatives if risky): 
Fairly low, while the patch does add some hooking code it is only actually used on Nightly.
The other change is just to not use the ActiveVerifier, which is diagnostic code to try and catch Windows Handle management issues, but can introduce its own crashes as well.
The diagnostic code would still crash either way round, so turning it off should only improve stability.

String or UUID changes made by this patch:
None.

See https://wiki.mozilla.org/Release_Management/ESR_Landing_Process for more info.
Attachment #8965701 - Flags: approval-mozilla-esr60?
Comment on attachment 8965701
Only enable handle verifier on 32-bit Nightly and debug builds

Avoids crashes by not shipping code that was intended for pre-release audiences only. Approved for ESR 60.1.
Attachment #8965701 - Flags: approval-mozilla-esr60? → approval-mozilla-esr60+