Relax mandatory __exposedProps__ for jetpack until we can automatically repack

RESOLVED FIXED in mozilla17

Product: Core
Component: XPConnect
Status: RESOLVED FIXED
Reporter: bholley, Assigned: bholley
Version: unspecified
Target Milestone: mozilla17
Firefox Tracking Flags: (Not tracked)
Attachments: 1 attachment, 1 obsolete attachment

It sounds like we should ameliorate the situation with jetpack post bug 553102 until SDK repacks are automatic. My thinking is to revert to the old behavior when the global of the object being wrapped is a sandbox. Gabor, Blake, does this sound like a reasonable heuristic for detecting jetpack?

Created attachment 653622
Relax __exposedProps__ check for sandboxes until we can repack AMO addons. v1

Attachment #653622 - Flags: review?(gal)

Comment 2

5 years ago
Comment on attachment 653622
Relax __exposedProps__ check for sandboxes until we can repack AMO addons. v1

Review of attachment 653622:
-----------------------------------------------------------------

This is pretty magical code. There might be other sandboxes around. I guess it's good enough for a temporary hack though.

Attachment #653622 - Flags: review?(gal) → review+

https://hg.mozilla.org/integration/mozilla-inbound/rev/61e9eaf9aae2

Crap. I thought I tested it but I realized I didn't link the build, so the push is busted. Hopefully it gets coalesced with the backout:

https://hg.mozilla.org/integration/mozilla-inbound/rev/ee70e70fb7f8

Created attachment 653663
Relax __exposedProps__ check for sandboxes until we can repack AMO addons. v2

Enter a compartment this time.
Attachment #653622 - Attachment is obsolete: true
Attachment #653663 - Flags: review?(gal)

Updated

5 years ago
Attachment #653663 - Flags: review?(gal) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/6f955c140b60
https://hg.mozilla.org/mozilla-central/rev/6f955c140b60
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla17

Alex, gabor - what's the status on addon repacking? I'd really like to close this security footgun up for good.

(In reply to Bobby Holley (:bholley) from comment #8)
> Alex, gabor - what's the status on addon repacking? I'd really like to close
> this security footgun up for good.

The state of re-packing is that we're trying to figure out if we can re-pack and replace the add-ons we know we can reliably re-pack. This requires some co-ordination with the AMO team. We'll also need to work with them to identify and re-set the compatibility of a large number of add-ons so that they cannot be installed into whatever version this fix goes into.

Thanks for the update. :-) Is there a bug I can follow?