Alex Gaynor
52d69a63ca
Bug 1421372 - simplify the macOS content sandbox rules by splitting the file process rules out; r=haik
MozReview-Commit-ID: GJukCOAyE10
--HG--
extra : rebase_source : 7bfdd02482d45e72a785ec2abe2260577238406d
2017-11-28 14:06:06 -05:00
Gabriele Svelto
80fbb39861
Bug 1402519 - Remove MOZ_CRASHREPORTER directives from security; r=ttaubert
MozReview-Commit-ID: CfPBvffjEhq
--HG--
extra : rebase_source : 51c522746b48f0819b926607ceebf7d070df4ffd
2017-10-10 15:25:39 +02:00
Bob Owen
ef5af7b0b1
Bug 1366701 Part 2: Roll-up patch to apply remaining mozilla changes to chromium sandbox. r=tabraldes,aklotz,jimm,bobowen
Patches re-applied from security/sandbox/chromium-shim/patches/after_update/.
See patch files for additional commit comments.
2014-11-29 17:12:18 +00:00
Bob Owen
6bd2ddcccd
Bug 1366701 Part 1: Roll-up of chromium sandbox update and mozilla patches to get a running browser. r=jld,aklotz,jimm,bobowen
This updates security/sandbox/chromium/ files to chromium commit 937db09514e061d7983e90e0c448cfa61680f605.
Additional patches re-applied from security/sandbox/chromium-shim/patches/with_update/ to give a compiling and mostly working browser.
See patch files for additional commit comments.
2017-10-26 15:10:41 +01:00
Alex Gaynor
de761e28e1
Bug 1419811 - allow file content processes to access the com.apple.iconservices service; r=Gijs,haik
Directory listing for file URLs needs access to draw icons for files.
MozReview-Commit-ID: KIEx00gB5ia
--HG--
extra : rebase_source : 16aadb2f008f40233a2147dea384d9ed33310cb7
2017-11-22 11:51:32 -06:00
Gian-Carlo Pascutto
34be833347
Bug 1416016 - Add ../config to the sandbox whitelist for older Mesa. r=jld
MozReview-Commit-ID: KahivmVJR1l
--HG--
extra : rebase_source : 7d77f0ee77813a1214cfa5bc618b57c3208443c3
2017-11-17 15:23:28 +01:00
Gian-Carlo Pascutto
c979b7a21f
Bug 1416808 - Add "$XDG_DATA_(HOME|DIRS)"/fonts to the sandbox whitelist. r=jld
MozReview-Commit-ID: DwwltKQg8x4
--HG--
extra : rebase_source : e92b60e320bb26e66bfb38039f141ec83a34fff7
2017-11-17 15:45:11 +01:00
Bob Owen
5a64c2aeb7
Bug 1417959: Bump Alternate Desktop to Level 5 and make that the Default on Nightly. r=jimm
2017-11-16 18:10:00 +00:00
Jonathan Kew
304ec4c15e
Bug 1417420 - Add the path used by FontAgent to the sandbox rules on macOS. r=haik
2017-11-15 17:59:44 +00:00
Jed Davis
873f611a48
Bug 1401786 - Move the Linux sandboxing parts of GeckoChildProcessHost into security/sandbox. r=gcp
MozReview-Commit-ID: JknJhF5umZc
--HG--
extra : rebase_source : 2fa246e9a8b350becc21ed5bfd69820d3a321064
2017-10-06 17:15:46 -06:00
Alex Gaynor
af821e1fe3
Bug 1365257 - Further consolidate the configuration of the content sandbox; r=gcp
This patch moves handling of the "MOZ_DISABLE_CONTENT_SANDBOX" environment
variable into GetEffectiveContentSandboxLevel. It also introduces
IsContentSandboxEnabled and ports many users of GetEffectiveContentSandboxLevel
to use it.
MozReview-Commit-ID: 4CsOf89vlRB
--HG--
extra : rebase_source : b9130f522e860e6a582933799a9bac07b771139b
2017-06-01 10:38:22 -04:00
shindli
897ae925f7
Backed out 1 changesets (bug 1365257) for failing gl in \build\build\src\obj-firefox\dist\include\mozilla/ServoStyleSet.h:97 r=backout on a CLOSED TREE
Backed out changeset 00edc1ac58f9 (bug 1365257)
--HG--
extra : rebase_source : d33f3bba71d1899e0f4a5051369c240e00ea42fe
2017-11-10 19:23:58 +02:00
Alex Gaynor
31e67fc86a
Bug 1365257 - Further consolidate the configuration of the content sandbox; r=gcp
This patch moves handling of the "MOZ_DISABLE_CONTENT_SANDBOX" environment
variable into GetEffectiveContentSandboxLevel. It also introduces
IsContentSandboxEnabled and ports many users of GetEffectiveContentSandboxLevel
to use it.
MozReview-Commit-ID: 4CsOf89vlRB
--HG--
extra : rebase_source : 10234bd7d837eae8dc915e4a0c0a37040fd0a280
2017-06-01 10:38:22 -04:00
Bob Owen
cd430d0c58
Bug 1415250 Part 1: Block prntm64.dll and guard32.dll in sandboxed child processes. r=jimm
2017-11-08 08:06:14 +00:00
Jed Davis
0b91cda795
Bug 1413312 - Fix media plugin sandbox policy for sched_get_priority_{min,max}. r=gcp
MozReview-Commit-ID: Bz4EWU13HAJ
--HG--
extra : rebase_source : 848880e083827a6f40e6ba289a5357ff6b4fa5f6
2017-10-31 18:12:43 -06:00
Jed Davis
de1cbf125f
Bug 1412464 - Change sandboxing inotify denial from seccomp-bpf to symbol interception. r=gcp
MozReview-Commit-ID: DY0qdGYGNdL
--HG--
extra : rebase_source : 02448ea28e8c1ea0d25776455d9ebb30d829b482
2017-10-30 19:45:39 -06:00
Jed Davis
a2451f13e5
Bug 1412480 - Statically check for overly large syscall arguments. r=gcp
See the previous patch for an explanation of the mistake that this is
meant to catch.
Note that, even for arguments that really are 64-bit on 32-bit platforms
(typically off_t), it's generally not safe to pass them directly to
syscall(): some architectures, like ARM, use ABIs that require such
arguments to be passed in aligned register pairs, and they'll be aligned
differently for syscall() vs. the actual system call due to the leading
system call number argument. The syscall(2) man page discusses this
and documents that such arguments should be split into high/low halves,
passed separately, and manually padded.
Therefore, this patch rejects any argument types larger than a word.
MozReview-Commit-ID: FVhpri4zcWk
--HG--
extra : rebase_source : 0329fe68be2a4e16fb71736627f0190e005c9972
2017-10-27 19:51:26 -06:00
Jed Davis
6d4b2907e1
Bug 1412480 - Fix syscall argument types in seccomp-bpf sandbox traps. r=gcp
The values in arch_seccomp_data::args are uint64_t even on 32-bit
platforms, and syscall takes varargs, so the arguments need to be
explicitly cast to the word size in order to be passed correctly.
MozReview-Commit-ID: 5ldv6WbL2Z3
--HG--
extra : rebase_source : c6ef37d8b367ad6025e510e58e6ab4d2f96cfc9e
2017-10-27 20:51:25 -06:00
Sebastian Hengst
1133016f04
Backed out 6 changesets (bug 1386404) for XPCshell failures, at least on Linux. r=backout on a CLOSED TREE
Backed out changeset c80acdea24c1 (bug 1386404)
Backed out changeset 6224ffae752a (bug 1386404)
Backed out changeset 9eba087cf64a (bug 1386404)
Backed out changeset eac6eb517096 (bug 1386404)
Backed out changeset 802a00ea50e7 (bug 1386404)
Backed out changeset d7f697bac6ef (bug 1386404)
2017-11-03 20:28:00 +01:00
Gian-Carlo Pascutto
859dfba3ed
Bug 1386404 - Whitelist the prefix used by the XPCOM leak logs. r=haik
MozReview-Commit-ID: HI68lvyJIPQ
--HG--
extra : rebase_source : 95804e003ae2cde2b4baa1f5d1bba43d2d0830b5
2017-11-03 13:18:56 +01:00
Gian-Carlo Pascutto
9dd0bca893
Bug 1386404 - Only do the tmp remapping if needed. r=jld
This helps with getting the tests that are running out of /tmp
to pass, which get confused if their paths change underneath them.
It's also a bit faster.
MozReview-Commit-ID: CWtngVNhA0t
--HG--
extra : rebase_source : b7fe3ad6317fafa382a2ad38c7d9d5338aeafc9b
2017-10-26 18:02:10 +02:00
Gian-Carlo Pascutto
12fb914457
Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld
MozReview-Commit-ID: 2h9hw6opYof
--HG--
extra : rebase_source : 821381f48b822415ae3d477341071099e7c1db54
2017-10-26 17:50:49 +02:00
Gian-Carlo Pascutto
88fc2f8563
Bug 1386404 - Enable access to the entire chrome dir from content. r=jld
This may be required if people have @import in their userContent.css, and
in any case our tests check for this.
MozReview-Commit-ID: 8uJcWiC2rli
--HG--
extra : rebase_source : 38bd2a2ffc593bf94b3c16f0c755d169d5998f7f
2017-10-26 18:57:03 +02:00
Gian-Carlo Pascutto
fff36a228d
Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik
MozReview-Commit-ID: 6Hijq0to9MG
--HG--
extra : rebase_source : 083bf3d52e228ce953d31ef997f969a0e4a562ec
2017-10-12 11:18:25 +02:00
Haik Aftandilian
a6836496b3
Bug 1403260 - [Mac] Remove access to print server from content process sandbox. r=mconley
MozReview-Commit-ID: Ia21je8TTIg
--HG--
extra : rebase_source : 8a6859d411b332aca404bb6a78b91cdae6b498c0
2017-10-30 11:14:08 -07:00
Sebastian Hengst
6979ea37b4
merge mozilla-central to autoland. r=merge a=merge
2017-10-30 23:58:16 +01:00
Bob Owen
e67fce9b1f
Bug 1412827: Add Symantec DLLs ffm64 and ffm to the sandboxed child blocklist. r=jimm
This patch also adds k7pswsen.dll unconditionally as it is still appearing
in many crash reports despite the block working in a test VM.
2017-10-30 16:28:26 +00:00
Jed Davis
6557099666
Bug 1411115 - Allow F_SETLK fcntl in sandboxed content processes. r=gcp
MozReview-Commit-ID: ARc7EpfN73o
--HG--
extra : rebase_source : 21c35a65a7c45387e2bd7fd7aba5f82ecf7c9ab3
2017-10-27 18:05:53 -06:00
Jed Davis
ee247f0d5f
Bug 1409900 - Handle sandboxed statfs() by replacing it with open+fstatfs. r=gcp
MozReview-Commit-ID: 4Q0XMWcxaAc
--HG--
extra : rebase_source : e6065c91ddb271b71b5577ca0d6c39349565724c
2017-10-27 19:32:37 -06:00
Jed Davis
27d4543313
Bug 1409900 - Disallow quotactl in sandboxed content processes. r=gcp
MozReview-Commit-ID: 3svUgLLTZKL
--HG--
extra : rebase_source : 2f51310f19cff45313cafd2bdcc60f2999b729b3
2017-10-25 12:43:13 -06:00
Sebastian Hengst
d67d120cc4
Backed out 4 changesets (bug 1386404) for mass failures, e.g. in browser-chrome's dom/tests/browser/browser_xhr_sandbox.js. r=backout on a CLOSED TREE
Backed out changeset 36556e1a5ac7 (bug 1386404)
Backed out changeset b136f90dc49f (bug 1386404)
Backed out changeset 4600c2d575f9 (bug 1386404)
Backed out changeset c2c40e4d9815 (bug 1386404)
2017-10-30 19:10:01 +01:00
Gian-Carlo Pascutto
3d94d8e8e1
Bug 1386404 - Only do the tmp remapping if needed. r=jld
This helps with getting the tests that are running out of /tmp
to pass, which get confused if their paths change underneath them.
It's also a bit faster.
MozReview-Commit-ID: CWtngVNhA0t
--HG--
extra : rebase_source : 304481a18c371c3253448971f48064bcbd681a81
2017-10-26 18:02:10 +02:00
Gian-Carlo Pascutto
577b3a7731
Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld
MozReview-Commit-ID: 2h9hw6opYof
--HG--
extra : rebase_source : f3121d7afff22e3f72c66e3a5553e731a83a2e1c
2017-10-26 17:50:49 +02:00
Gian-Carlo Pascutto
6a66615d8d
Bug 1386404 - Enable access to the entire chrome dir from content. r=jld
This may be required if people have @import in their userContent.css, and
in any case our tests check for this.
MozReview-Commit-ID: 8uJcWiC2rli
--HG--
extra : rebase_source : 3542ea305aabaca0500d66f8e86f5c12170d793e
2017-10-26 18:57:03 +02:00
Gian-Carlo Pascutto
802f1b9395
Bug 1386404 - Enable content-process specific tmpdir on Linux. r=haik
MozReview-Commit-ID: 6Hijq0to9MG
--HG--
extra : rebase_source : c7a3559e4cbdfd1885d13a489c4eeb311ca973fa
2017-10-12 11:18:25 +02:00
Attila Craciun
21363323fd
Backed out 2 changesets (bug 1409900) for failing browser chrome on Linux opt at browser/base/content/test/general/browser_bug590206.js r=backout a=backout.
Backed out changeset 83296a355dd4 (bug 1409900)
Backed out changeset 072007f83431 (bug 1409900)
2017-10-27 16:15:47 +03:00
Jed Davis
76b1bdf7de
Bug 1408497 - Disallow inotify in sandboxed content processes. r=gcp
MozReview-Commit-ID: nKyIvMNQAt
--HG--
extra : rebase_source : 5347e8da745d6f4a0cd4e81e76fe6b94d94eac30
2017-10-25 13:35:47 -06:00
Jed Davis
5f10d1f416
Bug 1409900 - Handle sandboxed statfs() by replacing it with open+fstatfs. r=gcp
MozReview-Commit-ID: 4Q0XMWcxaAc
--HG--
extra : rebase_source : 6bd36df3155fc5cdda67720e313028a68e2f0901
2017-10-25 13:08:26 -06:00
Jed Davis
fce1017953
Bug 1409900 - Disallow quotactl in sandboxed content processes. r=gcp
MozReview-Commit-ID: 3svUgLLTZKL
--HG--
extra : rebase_source : 54623b48c65a1319905cab5aa520928681ec0023
2017-10-25 12:43:13 -06:00
Jed Davis
160e1dcfe0
Bug 1410191 - Correctly handle errors when using syscalls in sandbox trap handlers. r=gcp
MozReview-Commit-ID: JX81xpNBMIm
--HG--
extra : rebase_source : c7334f3e0b61b4fb4e0305cc6fc5d3173d08c032
2017-10-25 16:38:20 -06:00
Jed Davis
b8aa6b6de9
Bug 1410241 - Don't call destructors on objects we use in the SIGSYS handler. r=gcp
MozReview-Commit-ID: LAgORUSvDh9
--HG--
extra : rebase_source : b39836ebb7405202c60b075b30b48966ac644e71
2017-10-25 17:58:22 -06:00
Jed Davis
aa4363afaa
Bug 1410280 - Re-allow PR_GET_NAME for sandboxed content processes. r=gcp
This prctl is used by PulseAudio; once bug 1394163 is resolved, allowing
it can be made conditional on the media.cubeb.sandbox pref.
MozReview-Commit-ID: 6jAM65V32vK
--HG--
extra : rebase_source : abb039aff7cefc0aa3b95f4574fdf1e3fb0d93a6
2017-10-25 11:04:34 -06:00
Phil Ringnalda
a173b09db6
Backed out changeset ccc0e72f2152 (bug 1403260) for hanging Mac browser-chrome in printing tests
MozReview-Commit-ID: IZNT5Jh8nzB
2017-10-25 23:00:17 -07:00
Haik Aftandilian
362316451f
Bug 1403260 - [Mac] Remove access to print server from content process sandbox r=mconley
MozReview-Commit-ID: Ia21je8TTIg
--HG--
extra : rebase_source : 656e9e3ac8d1fb741d46881458bb0b7fb402d688
2017-10-22 23:02:58 -07:00
Jed Davis
9bac6e88bd
Bug 1328896 - Restrict fcntl() in sandboxed content processes. r=gcp
MozReview-Commit-ID: BDBTwlT82mf
--HG--
extra : rebase_source : 9036abfb23768e7b17181fbc680692468d66ccd0
2017-07-24 17:33:07 -06:00
Haik Aftandilian
90adeb05d8
Bug 1404919 - Whitelist Extensis Suitcase Fusion fontvaults and /System/Library/Fonts. r=Alex_Gaynor
MozReview-Commit-ID: 5UaqiHBKd90
--HG--
extra : rebase_source : 3497f97815d57e9e3fa0cc13482af5d0d81cfd87
2017-10-12 18:29:42 -07:00
Sebastian Hengst
32f7c8fec3
merge mozilla-inbound to mozilla-central. r=merge a=merge
MozReview-Commit-ID: 1h3kZyrtqSt
2017-10-17 11:45:16 +02:00
Matthew Gregan
28e8f43756
Bug 1408821 - Allow FIONBIO ioctl from the content sandbox. r=jld
--HG--
extra : rebase_source : c6a1b525bc7d9207583200fd5d5059a8155b889f
2017-10-16 14:54:46 +13:00
Sebastian Hengst
f7efb5fc2c
Merge mozilla-central to mozilla-inbound. r=merge a=merge on a CLOSED TREE
2017-10-12 12:03:15 +02:00
Jim Mathies
17a6cb2cbf
Bug 1407766 - Remove symantec dlls from the content process dll blocklist due to process startup issues associated with symantec av products. r=bobowen
MozReview-Commit-ID: JMOIptO2y7F
2017-10-11 18:00:18 -05:00