--enable-content-sandbox-reporter by default

RESOLVED FIXED in mozilla30

Status

defect
RESOLVED FIXED
6 years ago
5 years ago

People

(Reporter: jld, Assigned: jld)

Tracking

Trunk
mozilla30
ARM
Gonk (Firefox OS)

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

Currently we use gonk-misc/default-gecko-config to add --enable-content-sandbox-reporter on b2g eng builds, but I feel that we'd want the crash reporter integration on production builds as well, so that if any sandboxing oversights make it past testing we'll be aware of that instead of not.

Consensus seems to be that not immediately killing the process isn't a significant change in security — in particular, the seccomp filter program is public, so being able to probe it by catching the SIGSYS isn't useful.
Trying: https://tbpl.mozilla.org/?tree=Try&rev=dd3a4274c75b

Tested locally with a userdebug build (and a modified seccomp_filter.h).
Attachment #8386473 - Flags: review?(khuey)
Attachment #8386473 - Flags: review?(gdestuynder)
https://hg.mozilla.org/mozilla-central/rev/c0b60e7ec860
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla30