Revive telemetry for SANDBOX_HAS_USER_NAMESPACES
Categories: Core :: Security: Process Sandboxing (task)

Tracking | Tracking flag | Status
---|---|---
firefox128 | --- | fixed

People: Reporter: jld, Assigned: gerard-majax

Attachments: 1 file
Description (reporter: jld)

The data collection for SANDBOX_HAS_USER_NAMESPACES (testing whether we're permitted to use unprivileged user namespaces as a layer of sandboxing for a given install) was allowed to expire years ago because it seemed to be converging on effectively 100% — old distributions which didn't support the feature at all were receding into the past, and Debian and Arch both eventually switched to allowing it by default.

But Ubuntu has recently taken a position against it (also a more technical overview), citing the continuing prevalence of local privilege escalation bugs exposed by unprivileged user namespaces (typically memory safety bugs in code which traditionally was usable only by the superuser), and is restricting access as of 23.10 and 24.04 LTS. That doesn't apply to Canonical's official Snap package of Firefox, and Mozilla's .deb packages can add exemptions as needed, but it doesn't help if it's run from a tarball (or as a developer build). It's possible that other distributions might follow Ubuntu's lead or do something similar.

There's also Flatpak, which can be run on any distribution, and which denies unprivileged user namespaces for what I assume are similar reasons (it has its own sandboxing layer and runs each app inside a separate sandbox).

All things considered, it would be good to gather some data to see what the current situation is and monitor it for at least a little while.
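As an added illustration (not code from this bug, nor Firefox's own sandbox probe), here is a standalone Python check of the condition the telemetry measures: can an unprivileged process create a user namespace, and if not, which known policy knob explains it. The sysctl names are my assumptions about current distributions, not something the bug states: `kernel.unprivileged_userns_clone` is the Debian/Arch patch knob the description alludes to, `user.max_user_namespaces` is the upstream limit, and `kernel.apparmor_restrict_unprivileged_userns` is the Ubuntu 23.10+ restriction. `classify()` is the only part a telemetry probe would need to report; the rest gathers its inputs.

```python
import ctypes
import os
import sys

CLONE_NEWUSER = 0x10000000  # from <linux/sched.h>

# Knobs that can deny unprivileged user namespaces. The first is the
# Debian/Arch downstream patch, the second is upstream, the third is the
# Ubuntu 23.10+ AppArmor restriction (all assumed names, see lead-in).
KNOBS = {
    "kernel.unprivileged_userns_clone": "/proc/sys/kernel/unprivileged_userns_clone",
    "user.max_user_namespaces": "/proc/sys/user/max_user_namespaces",
    "kernel.apparmor_restrict_unprivileged_userns":
        "/proc/sys/kernel/apparmor_restrict_unprivileged_userns",
}


def read_knobs(root="/"):
    """Read each knob as an int; None when the file is absent or unreadable."""
    values = {}
    for name, path in KNOBS.items():
        full = os.path.join(root, path.lstrip("/"))
        try:
            with open(full) as f:
                values[name] = int(f.read().strip())
        except (OSError, ValueError):
            values[name] = None
    return values


def try_unshare_userns():
    """Fork a child that attempts unshare(CLONE_NEWUSER); True if it succeeded.

    The attempt runs in a child so the caller is not left inside a fresh
    namespace when the call does succeed."""
    if sys.platform != "linux":
        return False
    pid = os.fork()
    if pid == 0:
        try:
            libc = ctypes.CDLL(None, use_errno=True)
            rc = libc.unshare(CLONE_NEWUSER)
        except Exception:
            rc = -1
        os._exit(0 if rc == 0 else 1)
    _, status = os.waitpid(pid, 0)
    return os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0


def classify(knobs, unshare_ok):
    """Map probe inputs to a telemetry-style bucket plus a human-readable reason."""
    if unshare_ok:
        return ("allowed", "unshare(CLONE_NEWUSER) succeeded")
    if knobs.get("kernel.unprivileged_userns_clone") == 0:
        return ("denied", "kernel.unprivileged_userns_clone=0 (Debian/Arch sysctl)")
    if knobs.get("user.max_user_namespaces") == 0:
        return ("denied", "user.max_user_namespaces=0")
    if knobs.get("kernel.apparmor_restrict_unprivileged_userns") == 1:
        return ("denied", "AppArmor restricts unprivileged user namespaces (Ubuntu 23.10+)")
    return ("denied", "unshare failed and no known sysctl explains it "
                      "(old kernel, seccomp, or container policy?)")


def probe():
    """Run the live check on this host and return (bucket, reason)."""
    return classify(read_knobs(), try_unshare_userns())


if __name__ == "__main__":
    bucket, reason = probe()
    print(f"SANDBOX_HAS_USER_NAMESPACES={bucket}: {reason}")
```

Run it from a tarball build's shell, inside a Flatpak sandbox, and on an Ubuntu 24.04 host to see the three situations the description contrasts; the sysctl readout matters because a bare unshare failure alone does not tell a developer which layer (distribution policy, container runtime, or kernel version) is responsible.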
Comment 2 • 7 days ago

It also means `mach run` of a build will have different sandbox behavior .... ?
Comment 3 • 7 days ago

Pushed by alissy@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/f8a915b7479a Re-enable userns telemetry r=gcp
Comment 5 • 6 days ago

bugherder