[Mac] Sandbox violation logging is always enabled with early startup
Categories
(Core :: Security: Process Sandboxing, defect)
Tracking
()
Tracking | Status | |
---|---|---|
firefox64 | --- | unaffected |
firefox65 | --- | fixed |
firefox66 | --- | fixed |
People
(Reporter: haik, Assigned: haik)
References
Details
Attachments
(1 file)
47 bytes,
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-release+
|
Details | Review |
With early sandbox startup on Mac (current default on 65), sandbox violation is enabled by default. It should be disabled by default and only enabled when security.sandbox.logging.enabled=true in about:config or the environment variable MOZ_SANDBOX_LOGGING is set.
Assignee | ||
Updated•5 years ago
|
Assignee | ||
Comment 1•5 years ago
|
||
For sandbox early startup, ensure violation logging is only enabled when the parent passes the -sbLogging flag.
Assignee | ||
Updated•5 years ago
|
Assignee | ||
Comment 2•5 years ago
|
||
We will want to uplift this fix to 65 because enabling the violation logging can cause performance issues.
Pushed by haftandilian@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/f71ebb7632fb [Mac] Sandbox violation logging is always enabled with early startup r=Alex_Gaynor
Comment 4•5 years ago
|
||
bugherder |
Comment 5•5 years ago
|
||
(In reply to Haik Aftandilian [:haik] from comment #2)
We will want to uplift this fix to 65 because enabling the violation logging
can cause performance issues.
This needs a release approval request ASAP if this is targeting 65. We're already in the RC phase.
Assignee | ||
Comment 6•5 years ago
|
||
Comment on attachment 9037653 [details]
Bug 1521167 [Mac] Sandbox violation logging is always enabled with early startup r?Alex_Gaynor
[Beta/Release Uplift Approval Request]
Feature/Bug causing the regression: Bug 1431441
User impact if declined: Mac-specific. Extra sandbox violation warnings will be logged in the system Console.app. The extra violation logging might cause some perf issues.
Is this code covered by automated tests?: No
Has the fix been verified in Nightly?: No
Needs manual test from QE?: No
If yes, steps to reproduce:
List of other uplifts needed: None
Risk to taking this patch: Low
Why is the change risky/not risky? (and alternatives if risky): The change is very small and only affects sandbox violation logging on Mac.
String changes made/needed: None
Comment 7•5 years ago
|
||
https://hg.mozilla.org/projects/cedar/rev/f71ebb7632fb7e9e8f8514f377c12e9a52430da1 Bug 1521167 [Mac] Sandbox violation logging is always enabled with early startup r=Alex_Gaynor
Comment 8•5 years ago
|
||
Comment on attachment 9037653 [details]
Bug 1521167 [Mac] Sandbox violation logging is always enabled with early startup r?Alex_Gaynor
[Triage Comment]
Turns off extra logging which can be a perf issue on macOS. Approved for 65.0 RC2.
Comment 9•5 years ago
|
||
bugherder uplift |
Updated•5 years ago
|
Description
•