Closed Bug 1579323 Opened 3 months ago Closed 3 months ago

sandboxing can no longer be enabled on OpenBSD

Categories

(Core :: Security: Process Sandboxing, defect, P5)

69 Branch
x86_64
OpenBSD
defect

Tracking

RESOLVED FIXED
mozilla71
Tracking Status
firefox-esr68 --- fixed
firefox69 --- wontfix
firefox70 --- fixed
firefox71 --- fixed

People

(Reporter: jcs, Assigned: jcs)

References

(Regression)

Details

Attachments

(1 file, 2 obsolete files)

Attached patch old-configure.in patch (obsolete)

old-configure.in previously allowed MOZ_SANDBOX to be set to 1 on OpenBSD when --enable-sandbox was supplied.

This was broken by #1375863 which changed the logic for old-configure.in to explicitly disable MOZ_SANDBOX on non-Linux/Win/Darwin platforms even if --enable-sandbox was supplied.

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: General → Security: Process Sandboxing
Product: Firefox → Core
Assignee: nobody → jcs
Status: UNCONFIRMED → NEW
Ever confirmed: true
Regressed by: 1375863
See Also: 1375863

mike, can you please r+ that? I need it backported up to esr68.. and it seems we can't set r? anymore.

Attachment #9090910 - Attachment is obsolete: true
Attachment #9091064 - Flags: feedback?(mh+mozilla)

You lowercased the 'd':

"WINNT|Darwin|OpenBSd)"

Dammit. Thanks for spotting it..

Attachment #9091064 - Attachment is obsolete: true
Attachment #9091064 - Flags: feedback?(mh+mozilla)
Attachment #9091233 - Flags: feedback?(mh+mozilla)
Priority: -- → P5
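
Added example, not the attached patch and not the text of old-configure.in: a simplified shell model of the platform gate discussed in this bug. It shows that both the regression and the mistyped `OpenBSd` pattern leave MOZ_SANDBOX off without any error, because `case` patterns are case-sensitive. The function names and the `resolve_sandbox` guard, which turns an overridden --enable-sandbox into a hard error, are assumptions made for illustration.

```shell
#!/bin/sh
# Simplified model of the per-platform sandbox gate (illustrative only).
# Each gate_* function takes OS_TARGET as $1 and prints 1 (on) or 0 (off).

# Gate as described after the regression: OpenBSD hits the default arm.
gate_regressed() {
    case "$1" in
        Linux|WINNT|Darwin) echo 1 ;;
        *) echo 0 ;;
    esac
}

# Gate with the mistyped pattern quoted in the review comment.
# "OpenBSd" never matches "OpenBSD", so the default arm still wins.
gate_typo() {
    case "$1" in
        Linux) echo 1 ;;
        WINNT|Darwin|OpenBSd) echo 1 ;;
        *) echo 0 ;;
    esac
}

# Gate with the pattern spelled correctly.
gate_fixed() {
    case "$1" in
        Linux) echo 1 ;;
        WINNT|Darwin|OpenBSD) echo 1 ;;
        *) echo 0 ;;
    esac
}

# Hypothetical guard: $1 = gate function, $2 = OS_TARGET,
# $3 = 1 when --enable-sandbox was passed explicitly.
# An explicit request that the gate overrides is an error, not a silent downgrade.
resolve_sandbox() {
    moz_sandbox=$("$1" "$2")
    if [ "$3" = 1 ] && [ "$moz_sandbox" != 1 ]; then
        echo "error: --enable-sandbox given but $1 disables sandbox on $2" >&2
        return 1
    fi
    echo "MOZ_SANDBOX=$moz_sandbox"
}

# Demo: only the correctly spelled gate honours the request on OpenBSD.
for gate in gate_regressed gate_typo gate_fixed; do
    resolve_sandbox "$gate" OpenBSD 1 || true
done
```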
Comment on attachment 9091233
Reenable sandboxing by default on OpenBSD

Review of attachment 9091233:
-----------------------------------------------------------------

r+ on behalf of froydnj
Attachment #9091233 - Flags: review+

< froydnj > gaston: r+ from me

Keywords: checkin-needed
Attachment #9091233 - Flags: feedback?(mh+mozilla)

Pushed by apavel@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/f5846b25585f
Reenable sandbox by default on OpenBSD r=froydnj

Keywords: checkin-needed
Status: NEW → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71

Comment on attachment 9091233
Reenable sandboxing by default on OpenBSD

Beta/Release Uplift Approval Request

  • User impact if declined: Failure to enable sandboxing when building on OpenBSD
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): NPOTB/tier3
  • String changes made/needed:
Attachment #9091233 - Flags: approval-mozilla-beta?

Comment on attachment 9091233
Reenable sandboxing by default on OpenBSD

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration: Friendlier for downstream distributors on tier3
  • User impact if declined: Failure to enable sandboxing when building on OpenBSD
  • Fix Landed on Version: 71
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): NPOTB/tier3
  • String or UUID changes made by this patch:
Attachment #9091233 - Flags: approval-mozilla-esr68?

Comment on attachment 9091233
Reenable sandboxing by default on OpenBSD

OpenBSD fix, NPOTB for Tier 1 platforms. Approved for 70.0b10 and 68.2esr.
Attachment #9091233 - Flags: approval-mozilla-esr68?
Attachment #9091233 - Flags: approval-mozilla-esr68+
Attachment #9091233 - Flags: approval-mozilla-beta?
Attachment #9091233 - Flags: approval-mozilla-beta+