1952926 - Enable MITIGATION_WIN32K_DISABLE and MITIGATION_DYNAMIC_CODE_DISABLE flags for compatible GMP processes for release.

Status: RESOLVED FIXED

(Core :: Security: Process Sandboxing, enhancement, P1)

Description

[Bob Owen (:bobowen)]

In bug 1950112 these two mitigations were enabled for compatible GMPs, this is to enable for other branches and uplift.

Comment 1

[Bob Owen (:bobowen)]

Attachment: Bug 1952926: Enable win32k lockdown and ACG for compatible GMP processes for release. r=gcp!

Comment 2

[Pulsebot]

Pushed by bobowencode@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/47ecf5b4ba03
Enable win32k lockdown and ACG for compatible GMP processes for release. r=gcp

Comment 3

[Sandor Molnar[:smolnar]]

https://hg.mozilla.org/mozilla-central/rev/47ecf5b4ba03

Comment 4

[Bob Owen (:bobowen)]

Attachment: Bug 1952926: Enable win32k lockdown and ACG for compatible GMP processes for release. r=gcp!

Original Revision: https://phabricator.services.mozilla.com/D240895

Comment 5

[Phabricator Automation]

beta Uplift Approval Request

• User impact if declined: They won't get the process sandbox improvements for some GMP types.
• Code covered by automated testing: yes
• Fix verified in Nightly: yes
• Needs manual QE test: no
• Steps to reproduce for manual QE testing: n/a
• Risk associated with taking this patch: Low
• Explanation of risk level: openh264 doesn't have automated tests, but has been manually in Nightly with improved sandbox.
• String changes made/needed: None
• Is Android affected?: no

Comment 6

[Pulsebot]

https://hg.mozilla.org/releases/mozilla-beta/rev/32c42164dd7c