Last Comment Bug 784233 - Relax mandatory __exposedProps__ for jetpack until we can automatically repack
: Relax mandatory __exposedProps__ for jetpack until we can automatically repack
Status: RESOLVED FIXED
:
Product: Core
Classification: Components
Component: XPConnect (show other bugs)
: unspecified
: All All
: -- normal (vote)
: mozilla17
Assigned To: Bobby Holley (:bholley) (busy with Stylo)
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-08-20 18:51 PDT by Bobby Holley (:bholley) (busy with Stylo)
Modified: 2012-10-15 15:45 PDT (History)
6 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
Relax __exposedProps__ check for sandboxes until we can repack AMO addons. v1 (3.68 KB, patch)
2012-08-20 19:01 PDT, Bobby Holley (:bholley) (busy with Stylo)
gal: review+
Details | Diff | Splinter Review
Relax __exposedProps__ check for sandboxes until we can repack AMO addons. v2 (4.41 KB, patch)
2012-08-20 23:14 PDT, Bobby Holley (:bholley) (busy with Stylo)
gal: review+
Details | Diff | Splinter Review

Description Bobby Holley (:bholley) (busy with Stylo) 2012-08-20 18:51:21 PDT
It sounds like we should ameliorate the situation with jetpack post bug 553102 until SDK repacks are automatic. My thinking is to revert to the old behavior when the global of the object being wrapped is a sandbox. Gabor, Blake, does this sound like a reasonable heuristic for detecting jetpack?
Comment 1 Bobby Holley (:bholley) (busy with Stylo) 2012-08-20 19:01:24 PDT
Created attachment 653622 [details] [diff] [review]
Relax __exposedProps__ check for sandboxes until we can repack AMO addons. v1
Comment 2 Andreas Gal :gal 2012-08-20 19:17:53 PDT
Comment on attachment 653622 [details] [diff] [review]
Relax __exposedProps__ check for sandboxes until we can repack AMO addons. v1

Review of attachment 653622 [details] [diff] [review]:
-----------------------------------------------------------------

This is pretty magical code. There might be other sandboxes around. I guess its good enough for a temporary hack though.
Comment 3 Bobby Holley (:bholley) (busy with Stylo) 2012-08-20 21:05:33 PDT
https://hg.mozilla.org/integration/mozilla-inbound/rev/61e9eaf9aae2
Comment 4 Bobby Holley (:bholley) (busy with Stylo) 2012-08-20 21:08:18 PDT
crap. I thought I tested it but I realized I didn't link the build, so the push is busted. Hopefully it gets coalesced with the backout:

https://hg.mozilla.org/integration/mozilla-inbound/rev/ee70e70fb7f8
Comment 5 Bobby Holley (:bholley) (busy with Stylo) 2012-08-20 23:14:39 PDT
Created attachment 653663 [details] [diff] [review]
Relax __exposedProps__ check for sandboxes until we can repack AMO addons. v2

Enter a compartment this time.
Comment 6 Bobby Holley (:bholley) (busy with Stylo) 2012-08-21 10:28:00 PDT
https://hg.mozilla.org/integration/mozilla-inbound/rev/6f955c140b60
Comment 7 Ryan VanderMeulen [:RyanVM] 2012-08-21 19:09:14 PDT
https://hg.mozilla.org/mozilla-central/rev/6f955c140b60
Comment 8 Bobby Holley (:bholley) (busy with Stylo) 2012-10-03 02:58:58 PDT
Alex, gabor - what's the status on addon repacking? I'd really like to close this security footgun up for good.
Comment 9 Jeff Griffiths (:canuckistani) (:⚡︎) 2012-10-15 14:20:11 PDT
(In reply to Bobby Holley (:bholley) from comment #8)
> Alex, gabor - what's the status on addon repacking? I'd really like to close
> this security footgun up for good.

The state of re-packing is that we're trying to figure out if we can re-pack and replace the add-ons we know we can reliably re-pack. This requires some co-ordination with the AMO team. We'll also need to work with them to identify and re-set the compatibility of a large number of add-ons so that they cannot be installed into whatever version this fix goes into.
Comment 10 Bobby Holley (:bholley) (busy with Stylo) 2012-10-15 15:45:58 PDT
Thanks for the update. :-) Is there a bug I can follow?

Note You need to log in before you can comment on or make changes to this bug.