Closed Bug 1772952 Opened 3 years ago Closed 3 years ago

Port bug 1562756: Drop the com.apple.security.cs.allow-dyld-environment-variables

Categories

(Thunderbird :: Upstream Synchronization, task)

Product:
Thunderbird
Component:
Upstream Synchronization
Platform:
Desktop
macOS
Type:
task

Tracking

(thunderbird_esr102 fixed, thunderbird102 unaffected)

Status:
RESOLVED FIXED
Milestone:
103 Branch
Tracking Flags:
Tracking Status
thunderbird_esr102 --- fixed
thunderbird102 --- unaffected

People

(Reporter: rjl, Assigned: rjl)

References

Details

Attachments

(1 file)

Bug 1772952 - Port bug 1562756: [macOS] Disable allow-dyld-environment-variables entitlement. r=#thunderbird-reviewers
48 bytes, text/x-phabricator-request
wsmwk
: approval-comm-esr102+
Details | Review
No description provided.
Assignee: nobody → rob
Status: NEW → ASSIGNED
Attachment #9279960 - Attachment description: WIP: Bug 1772952 - Port bug 1562756: [macOS] Disable allow-dyld-environment-variables entitlement. r=#thunderbird-reviewers → Bug 1772952 - Port bug 1562756: [macOS] Disable allow-dyld-environment-variables entitlement. r=#thunderbird-reviewers
status-thunderbird102: --- → unaffected
status-thunderbird_esr102: --- → unaffected
Keywords: checkin-needed-tb
Target Milestone: --- → 103 Branch

Pushed by geoff@darktrojan.net:
https://hg.mozilla.org/comm-central/rev/e86e4b46473a
Port bug 1562756: [macOS] Disable allow-dyld-environment-variables entitlement. r=#thunderbird-reviewers,mkmelin

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Keywords: checkin-needed-tb
Resolution: --- → FIXED

Comment on attachment 9279960 [details]
Bug 1772952 - Port bug 1562756: [macOS] Disable allow-dyld-environment-variables entitlement. r=#thunderbird-reviewers

[Approval Request Comment]
The fix provides a security improvement preventing Thunderbird from loading third-party and possibly malicious dylibs via DYLD environment variables.
Firefox is uplifting bug 1562756 to FF 102.1esr, Thunderbird should do so as well.

Regression caused by (bug #): N/A
User impact if declined: No user-visible impact. Thunderbird will continue to allow loading of third-party and possibly malicious dylibs.
Testing completed (on c-c, etc.): Landed in milestone 103, so has gone through most of a beta cycle
Risk to taking this patch (and alternatives if risky): The change is only to Thunderbird entitlement files and blocks use of DYLD environment variables which we don't use on production builds.

Attachment #9279960 - Flags: approval-comm-esr102?

Comment on attachment 9279960 [details]
Bug 1772952 - Port bug 1562756: [macOS] Disable allow-dyld-environment-variables entitlement. r=#thunderbird-reviewers

[Triage Comment]
Approved for esr102

Attachment #9279960 - Flags: approval-comm-esr102? → approval-comm-esr102+

Thunderbird 102.1.0:
https://hg.mozilla.org/releases/comm-esr102/rev/0c253000133a

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: