Closed Bug 979590 Opened 7 years ago Closed 7 years ago

--enable-content-sandbox-reporter by default

Categories

(Core :: Security, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla30

People

(Reporter: jld, Assigned: jld)

References

Details

Attachments

(1 file)

Currently we use gonk-misc/default-gecko-config to add --enable-content-sandbox-reporter on b2g eng builds, but I feel that we'd want the crash reporter integration on production builds as well, so that if any sandboxing oversights make it past testing we'll be aware of that instead of not.

Consensus seems to be that not immediately killing the process isn't a significant change in security — in particular, the seccomp filter program is public, so being able to probe it by catching the SIGSYS isn't useful.
Trying: https://tbpl.mozilla.org/?tree=Try&rev=dd3a4274c75b

Tested locally with a userdebug build (and a modified seccomp_filter.h).
Attachment #8386473 - Flags: review?(khuey)
Attachment #8386473 - Flags: review?(gdestuynder)
Attachment #8386473 - Flags: review?(gdestuynder) → review+
https://hg.mozilla.org/mozilla-central/rev/c0b60e7ec860
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla30
You need to log in before you can comment on or make changes to this bug.