mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
620 452 коммитов 615 Ветки 98 Теги 5,7 GiB
Граф коммитов

229 Коммитов

Автор SHA1 Сообщение Дата
Cosmin Sabou 34354a47b3 Backed out changeset 35bae18d7d67 (bug 1499899) for build bustages on updater.cpp. 2018-10-24 03:42:05 +03:00
Jeff Gilbert 33599f7ed3 Bug 1499899 - Fix some win64 clang-cl -Wunused-* warnings. r=waldo 
Differential Revision: https://phabricator.services.mozilla.com/D9052

MozReview-Commit-ID: BJjNqGqO5Bd
 2018-10-23 17:38:56 -07:00
Chris Martin deeb744526 Bug 1496364 - Minor refactor to stop uninitialized variable warning r=handyman 
The compiler warns that jobLevel is uninitialized if none of the if-else
conditions are true. Simply replacing the leading assert with a
"else crash" tells the compiler that case will never actually happen.

Differential Revision: https://phabricator.services.mozilla.com/D8841

--HG--
extra : moz-landing-system : lando
 2018-10-18 19:14:05 +00:00
David Parks 8ad763743e Bug 1426733: Use restricting SIDs in Windows NPAPI process sandbox (r=bobowen) 
Allow NPAPI sandbox to use restricting SIDs.  This hardens the plugin sandbox.

Differential Revision: https://phabricator.services.mozilla.com/D8746

--HG--
extra : moz-landing-system : lando
 2018-10-18 16:27:56 +00:00
David Parks 99e17d748f Bug 1488439: Part 1 - Replace Windows temp folder in sandboxed plugin process (r=bobowen,erahm) 
The sandbox blocks GetTempFileName's prior response, causing the system to end up searching a number of (inaccessible) folders to use as a replacement for the temp folder.  This patch provides a path to a new folder on the command line for the plugin process.  This new temp folder, specific to this plugin process instance, is then communicated to the system via the TEMP/TMP environment variables.  This is similar to what is done for the content process but avoids nsDirectoryService, which doesn't exist in plugin processes.

Differential Revision: https://phabricator.services.mozilla.com/D7532

--HG--
extra : moz-landing-system : lando
 2018-10-12 22:36:22 +00:00
Coroiu Cristina 4224edc453 Backed out 2 changesets (bug 1488439) for build bustage at /build/src/dom/plugins/ipc/PluginProcessParent.cpp on a CLOSED TREE 
Backed out changeset 74b2087ee696 (bug 1488439)
Backed out changeset 85575fc37555 (bug 1488439)
 2018-10-12 21:00:41 +03:00
David Parks 1ad569c6b1 Bug 1488439: Part 1 - Replace Windows temp folder in sandboxed plugin process (r=bobowen,erahm) 
The sandbox blocks GetTempFileName's prior response, causing the system to end up searching a number of (inaccessible) folders to use as a replacement for the temp folder.  This patch provides a path to a new folder on the command line for the plugin process.  This new temp folder, specific to this plugin process instance, is then communicated to the system via the TEMP/TMP environment variables.  This is similar to what is done for the content process but avoids nsDirectoryService, which doesn't exist in plugin processes.

Differential Revision: https://phabricator.services.mozilla.com/D7532

--HG--
extra : moz-landing-system : lando
 2018-10-12 17:40:10 +00:00
Jim Mathies 494b622f3f Bug 1497643 - Enable Chromium sandbox option MITIGATION_IMAGE_LOAD_PREFER_SYS32 for content processes. r=bowen 2018-10-11 09:23:03 -05:00
Masatoshi Kimura 3b21b7868b Bug 1090497 - Re-enable warnings as errors on clang-cl. r=froydnj 
--HG--
extra : rebase_source : c09366fb93e5b0f72abe1e99d3094e3d96a934fb
extra : intermediate-source : 5950c9d63c3b4fd63a25464a7b50944aaec7079f
extra : source : ca1b9a2bcc4381795f556fea2fb59066567c30f3
 2018-07-31 22:10:07 +09:00
Aaron Klotz fab8ec82c6 Bug 1460022: Part 9 - Update sandboxing code to work with revised DLL interceptor interface; r=bobowen 2018-06-27 11:51:29 -06:00
shindli dd50d1646e Backed out 13 changesets (bug 1460022) for bustages in :/build/build/src/mozglue/tests/interceptor/TestDllInterceptor.cpp(113) on a CLOSED TREE 
Backed out changeset b798c3689bbf (bug 1460022)
Backed out changeset c3b3b854affd (bug 1460022)
Backed out changeset ecb1b6fd3134 (bug 1460022)
Backed out changeset 91fed649dd5a (bug 1460022)
Backed out changeset be7032cddad2 (bug 1460022)
Backed out changeset d4a036b976e6 (bug 1460022)
Backed out changeset 5f3dfde41e38 (bug 1460022)
Backed out changeset a16486a6f685 (bug 1460022)
Backed out changeset 69eacc5c3ab8 (bug 1460022)
Backed out changeset 34aa7c29b31e (bug 1460022)
Backed out changeset 00b20c0a7637 (bug 1460022)
Backed out changeset b8e8aea4a01f (bug 1460022)
Backed out changeset 15822d9848d8 (bug 1460022)
 2018-07-04 03:37:11 +03:00
Aaron Klotz a65c046384 Bug 1460022: Part 9 - Update sandboxing code to work with revised DLL interceptor interface; r=bobowen 2018-06-27 11:51:29 -06:00
shindli dcc88f33f9 Backed out 13 changesets (bug 1460022) for bustages in builds/worker/workspace/build/src/dom/plugins/ipc/FunctionHook.h💯24 on a CLOSED TREE 
Backed out changeset 0734142a3f35 (bug 1460022)
Backed out changeset 18fbfa7ca685 (bug 1460022)
Backed out changeset 2df129bd5692 (bug 1460022)
Backed out changeset 02a7ed68933f (bug 1460022)
Backed out changeset 221137d1c2de (bug 1460022)
Backed out changeset 9cb0b7a15402 (bug 1460022)
Backed out changeset 18f8f85c0307 (bug 1460022)
Backed out changeset 867a1351efff (bug 1460022)
Backed out changeset 933e0b698f8e (bug 1460022)
Backed out changeset 09da660071e1 (bug 1460022)
Backed out changeset 8bb5142d3f53 (bug 1460022)
Backed out changeset 0ddf581bdaac (bug 1460022)
Backed out changeset 1cd5f9b4a6af (bug 1460022)
 2018-07-04 02:49:24 +03:00
Aaron Klotz ca2a5b7f5d Bug 1460022: Part 9 - Update sandboxing code to work with revised DLL interceptor interface; r=bobowen 
--HG--
extra : rebase_source : 03daf9a71dbeb6e27699dad0030a8baf831cbb56
 2018-06-27 11:51:29 -06:00
Bob Owen df78972f84 Bug 1453929: Enable handle verifier on 32-bit EARLY_BETA_OR_EARLIER. r=jimm 2018-04-14 20:24:07 +01:00
Bob Owen 74c27857c7 Bug 1453639: Call InitializeHandleVerifier before other sandbox calls. r=jimm 2018-04-13 08:42:56 +01:00
Bob Owen aaef814fdc Bug 1452090: Only enable handle verifier on 32-bit Nightly and debug builds. r=jimm 
This also adds the ability to enable it using the environement variable
MOZ_ENABLE_HANDLE_VERIFIER.
 2018-04-09 19:22:28 +01:00
David Parks 6a70261b2b Bug 1450773 - Remove restricting SIDs from NPAPI sandbox outside of nightly builds. r=bobowen 
Restricting SIDs, which harden the sandbox, have caused some problems that we are investigating in nightly and that we don't want in beta/release.
 2018-04-02 15:27:07 -07:00
Bob Owen 039665fa5e Bug 1447019 Part 3: Use MITIGATION_WIN32K_DISABLE for GMP processes based on a pref. r=jimm 2018-03-27 14:09:32 +01:00
Bob Owen 41ce6696f9 Bug 1447019 Part 2: Move running from a network drive check into WinUtils. r=jimm 2018-03-27 14:09:32 +01:00
Bob Owen f2f76a9b94 Bug 1445614: Only warn when SetAlternateDesktop fails. r=jimm 2018-03-14 18:39:36 +00:00
Bob Owen 8efbee5948 Bug 1441801 Part 2: Fix line endings in sandboxBroker.cpp. r=jimm 2018-03-01 14:37:26 +00:00
Bob Owen be5a4dadac Bug 1441801 Part 1: Stop using the chromium sandbox DLL blocking mechanism on Nightly. r=jimm 2018-03-01 14:37:25 +00:00
David Parks 9a797c5ce2 Bug 1415160: Part 2 - Add mitigations to plugin process if not running from network drive r=bobowen 
Adds MITIGATION_IMAGE_LOAD_NO_REMOTE and MITIGATION_IMAGE_LOAD_NO_LOW_LABEL to the plugin process if we aren't running from a networked drive.  The same condition applies to these mitigations in the content process.

--HG--
extra : rebase_source : b61f91f3e56f6b4930a03331b7791a9173857518
 2017-12-21 12:36:02 -08:00
David Parks 90d62139c0 Bug 1415160: Part 1 - Enable new NPAPI Windows Process Mitigations; r=bobowen 
Enables new process mitigations that have been included from Chromium upstream.

--HG--
extra : rebase_source : 8997bef9c6a6c660b39e68ebfabf90f4de162bca
 2017-12-20 22:58:26 -08:00
Alex Gaynor 0d04153faf Bug 1407693 - Part 1 - Expose method for sharing a HANDLE to a child process in the sandboxing API; r=bobowen 
MozReview-Commit-ID: 3LBCzPS6Mzg

--HG--
extra : rebase_source : 7e1ea157eeea5810ad21d781e93b7046aebf2bd6
 2017-11-27 14:34:48 -06:00
Andreea Pavel 93f2f80c9d Backed out 2 changesets (bug 1407693) for windows mingw32 bustages at /builds/worker/workspace/build/src/ipc/glue/GeckoChildProcessHost.cpp:1032 on a CLOSED TREE 
Backed out changeset 9c3346021c21 (bug 1407693)
Backed out changeset f18e1e557cf6 (bug 1407693)
 2018-02-07 21:42:47 +02:00
Alex Gaynor fe879d087a Bug 1407693 - Part 1 - Expose method for sharing a HANDLE to a child process in the sandboxing API; r=bobowen 
MozReview-Commit-ID: 3LBCzPS6Mzg

--HG--
extra : rebase_source : 70b31bde82bfd3721b75cc9dc7171b2c1efc5f9f
 2017-11-27 14:34:48 -06:00
David Parks 312f33b8c5 Bug 1426733: Use restricting SIDs in Windows NPAPI process r=bobowen 
Allow NPAPI sandbox to use restricting SIDs.

--HG--
extra : rebase_source : be53cfa3b05bd6d0f5b24b8f4f0b41e623d40e9a
 2017-12-20 21:35:26 -08:00
Bob Owen 251c705683 Bug 1434292: Only use MITIGATION_IMAGE_LOAD_NO_LOW_LABEL flag for pdfium process when not running from a network drive. r=jimm 2018-01-31 08:56:11 +00:00
Bob Owen 70c724a921 Bug 1434276: Use MITIGATION_EXTENSION_POINT_DISABLE flag for GMP process. r=jimm 2018-01-31 08:56:11 +00:00
Bob Owen af97855568 Bug 1433065: Make the Chromium sandbox DLL blocking Nightly only. r=jimm 2018-01-25 15:33:55 +00:00
Bob Owen 29a3f48beb Backed out changeset 541ea4baacba (bug 1433065) - due to missing variable in non-Nightly 2018-01-25 15:33:55 +00:00
Bob Owen 9281954b93 Bug 1433065: Make the Chromium sandbox DLL blocking Nightly only. r=jimm 2018-01-25 13:31:40 +00:00
Gian-Carlo Pascutto e5687f9731 Bug 1430118 - Look for log file names in the passed environment. r=bobowen 
MozReview-Commit-ID: HVUDYoEwjCd

--HG--
extra : rebase_source : 4121114558901489cd3954f433fe70bdea32a683
 2018-01-17 09:54:48 +01:00
Gian-Carlo Pascutto 61cf15cc85 Bug 1297740. r=jld 2018-01-08 10:07:16 +01:00
Coroiu Cristina ebae541f60 Backed out 1 changesets (bug 1297740) for mingw32 build failure at src/ipc/chromium/src/base/process_util_win.cc r=backout on a CLOSED TREE 
Backed out changeset e2501f2e295e (bug 1297740)
 2018-01-06 00:59:25 +02:00
Gian-Carlo Pascutto 3178a4003d Bug 1297740. r=jld 
--HG--
extra : rebase_source : 1d7bd987eed365bf442ed7eb856d8413af3205dc
 2018-01-04 15:37:33 +01:00
Csoregi Natalia c88d4f8c83 Backed out changeset 3bdd7743f057 (bug 1297740) for Build Bustage. r=backout on a CLOSED TREE 2017-12-21 16:21:48 +02:00
Gian-Carlo Pascutto 6821480454 Bug 1297740. r=jld 
--HG--
extra : rebase_source : 5531d3902fc5916d9d205ed13d7d5c062bef8b27
 2017-12-07 16:36:10 +01:00
cku 07e7f9f727 Bug 1399787 - Part 9. Sandbox the PDFium process. r=bobowen,jwatt 
MozReview-Commit-ID: 6ED7EPZvOMR

--HG--
extra : rebase_source : d8ddd2bb3551cf25c0f18151c4340e1f48d659ca
extra : intermediate-source : d90c5064d88a6468c1209f4a78ec7631592eec98
extra : source : 91b761e38efd28a69647c38531f5418fffee8f50
 2017-10-18 20:52:45 +08:00
Bob Owen e19c11cd2a Bug 1423296: Don't use MITIGATION_IMAGE_LOAD_NO_LOW_LABEL when running from a network drive. r=jimm 2017-12-08 19:00:54 +00:00
Bogdan Tara e882c9b394 Backed out 22 changesets (bug 1399787) for failing on mozmake.EXE r=backout a=backout on a CLOSED TREE 
Backed out changeset 0afbd07d8219 (bug 1399787)
Backed out changeset 80c062fd58fb (bug 1399787)
Backed out changeset b1457eabd34e (bug 1399787)
Backed out changeset d875e45f591e (bug 1399787)
Backed out changeset 8f600ac930ec (bug 1399787)
Backed out changeset c478fb75f5cb (bug 1399787)
Backed out changeset c995f4e18724 (bug 1399787)
Backed out changeset 0b75ef19e695 (bug 1399787)
Backed out changeset 2382a348a6c1 (bug 1399787)
Backed out changeset 93f9a5e253d8 (bug 1399787)
Backed out changeset 5c50bbde0950 (bug 1399787)
Backed out changeset 67e530c129c7 (bug 1399787)
Backed out changeset 682c60e52749 (bug 1399787)
Backed out changeset ff1436ae1ef7 (bug 1399787)
Backed out changeset cb3ae1dc20b2 (bug 1399787)
Backed out changeset bc52b1781641 (bug 1399787)
Backed out changeset d165846cb5e1 (bug 1399787)
Backed out changeset 185368267354 (bug 1399787)
Backed out changeset c385d0f60f8a (bug 1399787)
Backed out changeset 364b5b44932b (bug 1399787)
Backed out changeset 98758e79710d (bug 1399787)
Backed out changeset d56497aa5390 (bug 1399787)
 2017-12-07 19:16:08 +02:00
cku fe99eaf1f9 Bug 1399787 - Part 9. Sandbox the PDFium process. r=bobowen,jwatt 
MozReview-Commit-ID: 6ED7EPZvOMR

--HG--
extra : rebase_source : 5dbc1330a355e01a3a40e8145b35556cd27f0394
extra : intermediate-source : d90c5064d88a6468c1209f4a78ec7631592eec98
extra : source : 91b761e38efd28a69647c38531f5418fffee8f50
 2017-10-18 20:52:45 +08:00
Bob Owen 8ba04e79f9 Bug 1422053: Create Windows sandbox sLaunchErrors hashtable on the main thread. r=aklotz 2017-12-07 09:07:43 +00:00
Bob Owen 6bd2ddcccd Bug 1366701 Part 1: Roll-up of chromium sandbox update and mozilla patches to get a running browser. r=jld,aklotz,jimm,bobowen 
This updates security/sandbox/chromium/ files to chromium commit 937db09514e061d7983e90e0c448cfa61680f605.

Additional patches re-applied from security/sandbox/chromium-shim/patches/with_update/ to give a compiling and mostly working browser.
See patch files for additional commit comments.
 2017-10-26 15:10:41 +01:00
Bob Owen 5a64c2aeb7 Bug 1417959: Bump Alternate Desktop to Level 5 and make that the Default on Nightly. r=jimm 2017-11-16 18:10:00 +00:00
Bob Owen cd430d0c58 Bug 1415250 Part 1: Block prntm64.dll and guard32.dll in sandboxed child processes. r=jimm 2017-11-08 08:06:14 +00:00
Bob Owen e67fce9b1f Bug 1412827: Add Symantec DLLs ffm64 and ffm to the sandboxed child blocklist. r=jimm 
This patch also adds k7pswsen.dll unconditionally as it is still appearing
in many crash reports despite the block working in a test VM.
 2017-10-30 16:28:26 +00:00
Sebastian Hengst f7efb5fc2c Merge mozilla-central to mozilla-inbound. r=merge a=merge on a CLOSED TREE 2017-10-12 12:03:15 +02:00