Closed
Bug 1507291
Opened 6 years ago
Closed 6 years ago
Remove the concept of machine_only policies (they don't work like we thought)
Categories
(Firefox :: Enterprise Policies, enhancement, P1)
Firefox
Enterprise Policies
Tracking
()
VERIFIED
FIXED
Firefox 65
People
(Reporter: mkaply, Assigned: mkaply)
Details
Attachments
(1 file)
47 bytes,
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-beta+
|
Details | Review |
When we came up with machine_only policies, we thought we were solving a problem where applications without admin privileges could write to the HKEY_CURRENT_USER part of registry. While this is generally true, it is NOT true about HKEY_CURRENT_USER\Software\Policies. It is only writable by administrators. So our machine_only doesn't add any additional protection. See discussion here: https://github.com/mozilla/policy-templates/issues/286#issuecomment-436886413 (And I have verified this)
Assignee | ||
Updated•6 years ago
|
Priority: -- → P1
Assignee | ||
Comment 1•6 years ago
|
||
Pushed by mozilla@kaply.com: https://hg.mozilla.org/integration/autoland/rev/49bac5821786 Remove concept of machine_only policies. r=Felipe,flod
Comment 3•6 years ago
|
||
Backed out Backout link: https://hg.mozilla.org/integration/autoland/rev/4f54c06663d5fbf546d0c7be5acf710060d28972 Push link: https://hg.mozilla.org/integration/autoland/rev/49bac582178687862538a0f2f9e5663156d2ba70 Log link: https://treeherder.mozilla.org/logviewer.html#?job_id=212047661&repo=autoland&lineNumber=295
Flags: needinfo?(mozilla)
Comment 4•6 years ago
|
||
^^ Backed out for Linting failure on WindowsGPOParser.jsm
Assignee | ||
Comment 5•6 years ago
|
||
I wonder why phabricator didn't catch the linting error.
Flags: needinfo?(mozilla)
Pushed by mozilla@kaply.com: https://hg.mozilla.org/integration/autoland/rev/cec3c30f287b Remove concept of machine_only policies. r=Felipe,flod
Comment 7•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/cec3c30f287b
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 65
Assignee | ||
Comment 8•6 years ago
|
||
Comment on attachment 9025170 [details] Bug 1507291 - Remove concept of machine_only policies. [Beta/Release Uplift Approval Request] Feature/Bug causing the regression: None User impact if declined: Can't set certain policies Is this code covered by automated tests?: No Has the fix been verified in Nightly?: No Needs manual test from QE?: No If yes, steps to reproduce: List of other uplifts needed: None Risk to taking this patch: Low Why is the change risky/not risky? (and alternatives if risky): This is just removing a concept that come to find out isn't needed. Would be nice to get it done as quick as possible so as not to force people to use machine policy unnecessarily. String changes made/needed:
Attachment #9025170 -
Flags: approval-mozilla-beta?
Comment 9•6 years ago
|
||
Can you attach a patch for uplift that doesn't touch the ftl files?
Flags: needinfo?(mozilla)
Comment 10•6 years ago
|
||
Comment on attachment 9025170 [details] Bug 1507291 - Remove concept of machine_only policies. [Triage Comment] Per IRC discussion with Julien, taking it for 64.0b11 with FTL changes removed from the uplift.
Flags: needinfo?(mozilla)
Attachment #9025170 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Comment 11•6 years ago
|
||
bugherder uplift |
https://hg.mozilla.org/releases/mozilla-beta/rev/27727035c0de
status-firefox64:
--- → fixed
Updated•6 years ago
|
Flags: qe-verify+
Comment 12•6 years ago
|
||
As per comment 8 and further discussion with Mike, this bug does not need any further investigation and any special verification from QA. Based on that I'm closing this ticket as verified fixed.
Status: RESOLVED → VERIFIED
Flags: qe-verify+
Updated•6 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•