Closed Bug 923256 Opened 11 years ago Closed 11 years ago

Enable JS symbol exporting in B2G

Categories

(Firefox OS Graveyard :: GonkIntegration, defect)

Product:
Firefox OS Graveyard
Component:
GonkIntegration
Platform:
All
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: m1, Assigned: m1)

References

(Depends on 1 open bug)

Details

Attachments

(1 file)

a.patch
727 bytes, patch
benjamin
: review+
Details | Diff | Splinter Review 
+++ This bug was initially created as a clone of Bug #920731 +++

B2G partners make use of the XPCOM bundled extension facility, and some of these extensions rely on the JSAPI.  It would be lovely to get away from using the JSAPI but it's not feasible at the moment.  Please note that these are not at all the same as third-party add-ons in Firefox that bug 920731 was directed towards.  These bundled extensions that are burned into the commercial ROM like Gonk.
Attached patch a.patchSplinter Review 
Assignee: nobody → mvines
Status: NEW → ASSIGNED

        Attachment #813249 -
        Flags: review?(mh+mozilla)

        Attachment #813249 -
        Flags: review?(mh+mozilla) → review?(benjamin)

    
    

    
  
> These bundled extensions that are burned into the commercial ROM like Gonk.

This is actually really incredibly scary.  It means that us shipping Gecko security fixes can break those extensions!

Furthermore, the chance that these extensions are using JSAPI correctly is vanishingly small.  Hard to confirm that without access to the source, of course...

> but it's not feasible at the moment.

Why not?  What can we do to get there?  I'd consider the current situation you describe a critical security bug....
Flags: needinfo?(mvines)

    
    

    
  
(In reply to Boris Zbarsky [:bz] from comment #2)
> This is actually really incredibly scary.  It means that us shipping Gecko
> security fixes can break those extensions!

Gecko security fixes must go through the device manufacturer, Mozilla doesn't deploy Gecko updates independently to B2G devices.  Now that would be incredibly scary!

> > but it's not feasible at the moment.
> 
> Why not?  What can we do to get there?  

It is not a hard technical problem, just a time/resource issue.  This is effort that could, and should, be scheduled but at this point our tree is burning.  If this is something that Mozilla would like to disable for B2G we need some runway to de-JSAPI stuff first.  FxOS v1.3 would be an acceptable release to target.
Flags: needinfo?(mvines)

    
    

    
  
> Gecko security fixes must go through the device manufacturer,

Yes, but are they auditing their JSAPI usage continuously against all those security fixes?

> we need some runway to de-JSAPI stuff first.

That seems reasonable, sure.  I'd just like us to make sure this actually happens.  Again, experience shows that any time someone writes JSAPI code it _will_ be buggy.  Usually exploitably so.

    
    

    
  
(In reply to Boris Zbarsky [:bz] from comment #4)
> > Gecko security fixes must go through the device manufacturer,
> 
> Yes, but are they auditing their JSAPI usage continuously against all those
> security fixes?

I seriously doubt it.  But this may be a larger discussion than this bug (yet is absolutely worthwhile having)!  


> > we need some runway to de-JSAPI stuff first.
> 
> That seems reasonable, sure.  I'd just like us to make sure this actually
> happens.  Again, experience shows that any time someone writes JSAPI code it
> _will_ be buggy.  Usually exploitably so.

How about this plan:
1) We fix this bug to get us green again.
2) I'll create a new bug to revert this bug.  It will be marked blocking-b2g:v1.3+ and I will be the assignee.
3) Once we remove the JSAPI dependencies over here, I'll fix the bug in #2.
4) If #3 doesn't happen soon enough, b2g-release-drivers will find the #2 bug due to it's blocking-b2g state and start harassing me.

    
    

    
  
That plan sounds great.  Thank you!

    
    

    
  
(Wow, I wasn't even aware of bug 920731, but that is fantastic to hear.)

Closed-source b2g binary extensions sound like a recipe for epic disasters, not just limited to JSAPI.  Are there mozilla people involved in auditing/advising the authors?

    
    

    
  
Comment on attachment 813249 [details] [diff] [review]
a.patch

r=me for the temporary reversion to status-quo. The plan outlined here does seem important, to the point even of preventing any binary extensions including XPCOM.

        Attachment #813249 -
        Flags: review?(benjamin) → review+

    
    

    
  
Thanks.  It turns out that our exposure was pretty minimal, so we'll just make that change right away and short step comment 5.

We do plan to continue using binary XPCOM extensions in FxOS for the foreseeable future so I'd be more than happy to get on a call/vidyo sometime to discuss any concerns/etc.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: