searching for reviewer(gcp)
c7e440ee02f8c4363bb421874076afc9e8d6e739: Bug 1329600 - Capture CPU usage on Linux - r=canaltinova,gcp
Gerald Squelart <gsquelart@mozilla.com> - Mon, 04 Jan 2021 11:37:46 +0000 - rev 561943
Push 38075 by dluca@mozilla.com at Tue, 05 Jan 2021 04:31:31 +0000
Bug 1329600 - Capture CPU usage on Linux - r=canaltinova,gcp Differential Revision: https://phabricator.services.mozilla.com/D99416
c50c5c214c4909cff583a362924c30bba234b3c9: Bug 1676804 - P3. Add testcase r=gcp
Dimi Lee <dlee@mozilla.com> - Wed, 09 Dec 2020 09:20:51 +0000 - rev 560133
Push 38019 by apavel@mozilla.com at Thu, 10 Dec 2020 15:59:12 +0000
Bug 1676804 - P3. Add testcase r=gcp Differential Revision: https://phabricator.services.mozilla.com/D98900
bf90a5835a156f735758b0bd468b84c65922784a: Bug 1676804 - P2. Safe Browsing canonicalization should escape # r=gcp
Dimi Lee <dlee@mozilla.com> - Wed, 09 Dec 2020 09:17:15 +0000 - rev 560132
Push 38019 by apavel@mozilla.com at Thu, 10 Dec 2020 15:59:12 +0000
Bug 1676804 - P2. Safe Browsing canonicalization should escape # r=gcp We didn't escape '#' as defined in the Safe Browsing spec "In the URL, percent-escape all characters that are <= ASCII 32, >= 127, "#", or "%". The escapes should use uppercase hex characters." See https://developers.google.com/safe-browsing/v4/urls-hashing Differential Revision: https://phabricator.services.mozilla.com/D98899
2e19e69edfcb7ef2ee735d945f14c02df8a652a4: Bug 1676804 - P1. Safe Browsing canonicalization should not include query string r=gcp
Dimi Lee <dlee@mozilla.com> - Wed, 09 Dec 2020 07:43:30 +0000 - rev 560131
Push 38019 by apavel@mozilla.com at Thu, 10 Dec 2020 15:59:12 +0000
Bug 1676804 - P1. Safe Browsing canonicalization should not include query string r=gcp In the Safe Browsing spec, it says "Do not apply these path canonicalizations to the query parameters.", we should follow it. Differential Revision: https://phabricator.services.mozilla.com/D98898
491fa5186e7fad1006a0681b12d369ca4502b97e: Bug 1678174 - Add remaining time64 syscalls to the Linux sandboxes. r=gcp
Jed Davis <jld@mozilla.com> - Tue, 08 Dec 2020 01:02:18 +0000 - rev 559759
Push 38012 by dluca@mozilla.com at Tue, 08 Dec 2020 09:45:00 +0000
Bug 1678174 - Add remaining time64 syscalls to the Linux sandboxes. r=gcp 32-bit Linux architectures have gained new versions of every system call handling time values, to allow a transition to 64-bit time_t that will continue to work after the year 2038; newer versions of glibc will attempt them and fall back to the 32-bit path (without caching the failure, so at best we take the overhead of handling SIGSYS). This patch allows time64 syscalls in the same cases where we allow their time32 versions, including the restrictions on clockid_t to prevent interacting with other processes or threads of other processes. (I've confirmed that the argument types match otherwise, so it's safe to reuse the same policies.) Differential Revision: https://phabricator.services.mozilla.com/D98693
60066199c32b9ea7a6ade0fcb562ef0cecb6146c: Bug 1680166 - Return EFAULT when given a null path to stat* calls in the sandbox filter. r=gcp
Emilio Cobos Álvarez <emilio@crisal.io> - Wed, 02 Dec 2020 11:05:16 +0000 - rev 559032
Push 37997 by btara@mozilla.com at Wed, 02 Dec 2020 21:42:50 +0000
Bug 1680166 - Return EFAULT when given a null path to stat* calls in the sandbox filter. r=gcp It's a common way to check the existence of system calls. Glibc may fall back to fstatat when statx is called, passing down the null path. Since we handle fstatat, let's return -EFAULT the same way the real fstatat syscall would do. This is needed for the sandbox not to constantly crash due to this statx call in rustc: https://github.com/rust-lang/rust/blob/09c9c9f7da72b774cc445c0f56fc0b9792a49647/library/std/src/sys/unix/fs.rs#L119-L123 Differential Revision: https://phabricator.services.mozilla.com/D98414
933a59653c8cbc1caf636767a41e756ffae43866: Bug 1672367 - Block Digital Guardian's module older than 7.6. r=gcp
Toshihito Kikuchi <tkikuchi@mozilla.com> - Tue, 10 Nov 2020 13:21:18 +0000 - rev 556564
Push 37937 by csabou@mozilla.com at Tue, 10 Nov 2020 16:35:10 +0000
Bug 1672367 - Block Digital Guardian's module older than 7.6. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D96434
5ca9b886ee8cf8e281917f2bc22ca47e0778544e: Bug 1672936 - Do not show "report a detection problem" in Safe Browsing malware interstitial page r=flod,fluent-reviewers,gcp
Dimi Lee <dlee@mozilla.com> - Tue, 03 Nov 2020 10:44:31 +0000 - rev 555541
Push 37917 by ccoroiu@mozilla.com at Tue, 03 Nov 2020 16:00:38 +0000
Bug 1672936 - Do not show "report a detection problem" in Safe Browsing malware interstitial page r=flod,fluent-reviewers,gcp Differential Revision: https://phabricator.services.mozilla.com/D94574
086605072f7665a4ed60ce5dda3b5c8f7058b2e8: Bug 1673770 - Extend the handling of fstatat-as-fstat to sandboxes that don't use a file broker. r=gcp
Jed Davis <jld@mozilla.com> - Thu, 29 Oct 2020 17:41:28 +0000 - rev 555122
Push 37903 by apavel@mozilla.com at Fri, 30 Oct 2020 03:48:30 +0000
Bug 1673770 - Extend the handling of fstatat-as-fstat to sandboxes that don't use a file broker. r=gcp The fix for bug 1660901, to handle the subset of fstatat that is equivalent to fstat, was incomplete: it was added to the existing hook for the file broker, so processes that don't use a broker (like GMP) didn't get the fix. That wasn't a problem when the only use of that feature was in content processes via GTK, but now that glibc has reimplemented fstat that way, it's necessary for all processes. Differential Revision: https://phabricator.services.mozilla.com/D95108
63d29101d708226ee9256726b9b622046825aa8b: Bug 1673202 - Call fstat directly in Linux sandbox fstatat interception. r=gcp
Jed Davis <jld@mozilla.com> - Tue, 27 Oct 2020 21:05:09 +0000 - rev 554799
Push 37898 by abutkovits@mozilla.com at Wed, 28 Oct 2020 09:24:21 +0000
Bug 1673202 - Call fstat directly in Linux sandbox fstatat interception. r=gcp Sandbox policies handle the case of `fstatat(fd, "", AT_EMPTY_PATH|...)` by invoking the SIGSYS handler (because seccomp-bpf can't tell if the string will be empty when the syscall would use it), which makes the equivalent call to `fstat`. Unfortunately, recent development versions of glibc implement `fstat` by calling `fstatat`, which causes unbounded recursion and stack overflow. (This depends on the headers present at build time; see the bug for more details.) This patch switches it to use the `fstat` (or `fstat64` on 32-bit) syscall directly. Differential Revision: https://phabricator.services.mozilla.com/D94798
1c7244c1d3b5dcc3a2e9e9f425c723ef42c99cd2: Bug 1672482 - Move getdents allowance to SandboxPolicyCommon. r=jld,gcp
Emilio Cobos Álvarez <emilio@crisal.io> - Fri, 23 Oct 2020 09:05:29 +0000 - rev 554168
Push 37889 by btara@mozilla.com at Fri, 23 Oct 2020 21:47:13 +0000
Bug 1672482 - Move getdents allowance to SandboxPolicyCommon. r=jld,gcp I think since it takes an FD this might be ok, but let me know if this somehow doesn't cut it and a more nuanced fix is needed. Since stuff like PR_GetNumberOfProcessors() uses it with some glibc versions, which is pretty basic functionality, we probably need to make it work in all processes. Differential Revision: https://phabricator.services.mozilla.com/D94358
705422df443e591fd3ca0216dd25e23d888d3d59: Bug 1595994 - P13. Enable ffvpx in RDD on linux. r=mattwoodrow,gcp
Jean-Yves Avenard <jyavenard@mozilla.com> - Tue, 20 Oct 2020 23:28:00 +0000 - rev 553748
Push 37881 by smolnar@mozilla.com at Wed, 21 Oct 2020 09:51:28 +0000
Bug 1595994 - P13. Enable ffvpx in RDD on linux. r=mattwoodrow,gcp Depends on D91689 Differential Revision: https://phabricator.services.mozilla.com/D91690
9e2328aa32aa03b92e22ddeadf8ee17c0ea59fef: Bug 1664922 - Allow CPU information in the "utility" sandbox policy, for nsSystemInfo. r=gcp
Jed Davis <jld@mozilla.com> - Wed, 07 Oct 2020 17:31:37 +0000 - rev 551934
Push 37843 by abutkovits@mozilla.com at Thu, 08 Oct 2020 09:49:50 +0000
Bug 1664922 - Allow CPU information in the "utility" sandbox policy, for nsSystemInfo. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D90603
be90d6aec690e854f582f36b2c5c0b742b741af3: Bug 1664922 - Allow CPU information in the "utility" sandbox policy, for nsSystemInfo. r=gcp
Jed Davis <jld@mozilla.com> - Tue, 06 Oct 2020 20:21:32 +0000 - rev 551770
Push 37842 by apavel@mozilla.com at Wed, 07 Oct 2020 15:50:36 +0000
Bug 1664922 - Allow CPU information in the "utility" sandbox policy, for nsSystemInfo. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D90603
49e60e08ca4c41b35d3dcd685ca8de11c2c82fbb: Bug 1663550 - Enable sandbox on Linux/arm and Linux/arm64. r=gcp,glandium
Jed Davis <jld@mozilla.com> - Wed, 16 Sep 2020 20:53:19 +0000 - rev 550038
Push 37807 by dluca@mozilla.com at Thu, 24 Sep 2020 09:34:15 +0000
Bug 1663550 - Enable sandbox on Linux/arm and Linux/arm64. r=gcp,glandium Differential Revision: https://phabricator.services.mozilla.com/D90002
44f258418d94e4dacec6903aaa9dd975cf28d5ba: Bug 1663550 - Fix the alignment of the stack for the sandbox's clone() trampoline. r=gcp
Jed Davis <jld@mozilla.com> - Wed, 16 Sep 2020 20:48:02 +0000 - rev 550037
Push 37807 by dluca@mozilla.com at Thu, 24 Sep 2020 09:34:15 +0000
Bug 1663550 - Fix the alignment of the stack for the sandbox's clone() trampoline. r=gcp The ABI on ARM64 requires 16-byte stack alignment, and that includes the small temporary stack that exists only so that we can `longjmp` off of it in the child process after calling `clone`. Differential Revision: https://phabricator.services.mozilla.com/D90001
5cbea38d1301fa160fce35456ca8a7f30a467116: Bug 1663550 - Update sandbox policy for various syscalls obsoleted on Linux/arm64. r=gcp
Jed Davis <jld@mozilla.com> - Wed, 16 Sep 2020 20:23:22 +0000 - rev 550036
Push 37807 by dluca@mozilla.com at Thu, 24 Sep 2020 09:34:15 +0000
Bug 1663550 - Update sandbox policy for various syscalls obsoleted on Linux/arm64. r=gcp In addition to e.g. lacking `open` in favor of `openat`, Linux/arm64 also removes a number of older syscalls along similar lines, like `dup2` in favor of `dup3`, and all variants of `select` other than `pselect6`. Differential Revision: https://phabricator.services.mozilla.com/D90000
0f72af1970ca31383c42735431cef5338b54451f: Bug 1663550 - Implement brokering for the remaining `at` syscalls in the Linux sandbox. r=gcp
Jed Davis <jld@mozilla.com> - Wed, 16 Sep 2020 20:12:20 +0000 - rev 550035
Push 37807 by dluca@mozilla.com at Thu, 24 Sep 2020 09:34:15 +0000
Bug 1663550 - Implement brokering for the remaining `at` syscalls in the Linux sandbox. r=gcp Linux/arm64 omits syscalls that can be implemented in terms of newer syscalls by inserting constant arguments; this means that all of the basic filesystem operations use the `at` versions, like `unlinkat` replacing both `unlink` and `rmdir`. We've supported some of them when x86 libcs started using them, but there are several others we were missing; this patch adds them. Differential Revision: https://phabricator.services.mozilla.com/D89999
c625170a8755f059b250b22ce694ddc0206b9f9c: Bug 1663550 - Rearrange the broker glue to handle none of the non-`at` syscalls existing. r=gcp
Jed Davis <jld@mozilla.com> - Wed, 16 Sep 2020 19:45:52 +0000 - rev 550034
Push 37807 by dluca@mozilla.com at Thu, 24 Sep 2020 09:34:15 +0000
Bug 1663550 - Rearrange the broker glue to handle none of the non-`at` syscalls existing. r=gcp Linux/arm64 seems to exclude any syscalls that were redundant when it was created (specifically, that can be implemented in terms of another by inserting constant arguments), which includes all of the non-`at` filesystem syscalls --- for example, `open` vs. `openat`. This patch rearranges ifdefs to handle that case; later patches will fill in the currently unhandled syscalls in the `at`-only side. Differential Revision: https://phabricator.services.mozilla.com/D89998
ce2a0215370382d82f88a5cbd279b4d1874c8c25: Bug 1663550 - Minor cleanups for Linux sandbox policy. r=gcp
Jed Davis <jld@mozilla.com> - Wed, 16 Sep 2020 19:01:32 +0000 - rev 550033
Push 37807 by dluca@mozilla.com at Thu, 24 Sep 2020 09:34:15 +0000
Bug 1663550 - Minor cleanups for Linux sandbox policy. r=gcp Not strictly part of ARM support, but worth committing, and in particular printing the `AT_*` flags in hex is helpful for matching them against headers when `*at` syscalls fail. Differential Revision: https://phabricator.services.mozilla.com/D89997
d91555bddbef296ef1f4295a2d44fcfa5bf12112: Bug 1663550 - Remove obsolete sandbox rule allowing utime(). r=gcp
Jed Davis <jld@mozilla.com> - Wed, 16 Sep 2020 18:53:23 +0000 - rev 550032
Push 37807 by dluca@mozilla.com at Thu, 24 Sep 2020 09:34:15 +0000
Bug 1663550 - Remove obsolete sandbox rule allowing utime(). r=gcp We no longer use GConf (bug 1433685), so we can remove the sandbox rule allowing it to call utime(). That syscall doesn't exist on ARM or ARM64, so this rule would have to be ifdef'ed if it were re-added. Differential Revision: https://phabricator.services.mozilla.com/D89996
fa07b7780af5a4f20b941ab952a3b2a755f509bb: Bug 1663550 - Add "arm" and "arm64" architecture names to Linux sandbox telemetry. r=gcp
Jed Davis <jld@mozilla.com> - Wed, 16 Sep 2020 18:52:52 +0000 - rev 550031
Push 37807 by dluca@mozilla.com at Thu, 24 Sep 2020 09:34:15 +0000
Bug 1663550 - Add "arm" and "arm64" architecture names to Linux sandbox telemetry. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D89995
56f6da03c7e352f53fa923b30f66dfdf09a34116: Bug 1660901 - Add some test cases for fstatat inside the content sandbox. r=gcp
Jed Davis <jld@mozilla.com> - Fri, 28 Aug 2020 09:33:53 +0000 - rev 547086
Push 37744 by cbrindusan@mozilla.com at Tue, 01 Sep 2020 03:20:54 +0000
Bug 1660901 - Add some test cases for fstatat inside the content sandbox. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D88500
80baa04419c418c0d7d433d2fd2ca3effea1fba4: Bug 1660901 - Support the fstat-like subset of fstatat in the Linux sandbox policies. r=gcp
Jed Davis <jld@mozilla.com> - Fri, 28 Aug 2020 09:23:58 +0000 - rev 547085
Push 37744 by cbrindusan@mozilla.com at Tue, 01 Sep 2020 03:20:54 +0000
Bug 1660901 - Support the fstat-like subset of fstatat in the Linux sandbox policies. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D88499
203adac4658d3fc8e4985ba5fc5e390711cb48ee: Bug 1657616 - Remove the link to StopBadware.org in SafeBrowsing interstitial page r=gcp,fluent-reviewers,flod
Dimi Lee <dlee@mozilla.com> - Fri, 07 Aug 2020 15:08:10 +0000 - rev 543793
Push 37681 by abutkovits@mozilla.com at Fri, 07 Aug 2020 21:36:18 +0000
Bug 1657616 - Remove the link to StopBadware.org in SafeBrowsing interstitial page r=gcp,fluent-reviewers,flod Differential Revision: https://phabricator.services.mozilla.com/D86321
b0ea8d83462fe713c8f104608a6b04004d02ae38: Bug 1657616 - Remove the link to StopBadware.org in SafeBrowsing interstitial page r=gcp,fluent-reviewers,flod
Dimi Lee <dlee@mozilla.com> - Fri, 07 Aug 2020 14:31:47 +0000 - rev 543787
Push 37681 by abutkovits@mozilla.com at Fri, 07 Aug 2020 21:36:18 +0000
Bug 1657616 - Remove the link to StopBadware.org in SafeBrowsing interstitial page r=gcp,fluent-reviewers,flod Differential Revision: https://phabricator.services.mozilla.com/D86321
11689ad9792d489324f35907bc24f06c5d8cb6e6: Bug 1642729 - P6: Save images in a dictionary r=gcp
Chun-Min Chang <chun.m.chang@gmail.com> - Wed, 29 Jul 2020 15:59:58 +0000 - rev 542631
Push 37653 by btara@mozilla.com at Thu, 30 Jul 2020 21:54:52 +0000
Bug 1642729 - P6: Save images in a dictionary r=gcp Saving the temporary files under a dictionary without world/group-execute permissions Differential Revision: https://phabricator.services.mozilla.com/D85076
467aa64be96256d0e3b8379b84a38d5a845face0: Bug 1642729 - P5: Set the permission of the temporary file to 600 r=gcp
Chun-Min Chang <chun.m.chang@gmail.com> - Wed, 29 Jul 2020 15:59:56 +0000 - rev 542630
Push 37653 by btara@mozilla.com at Thu, 30 Jul 2020 21:54:52 +0000
Bug 1642729 - P5: Set the permission of the temporary file to 600 r=gcp Differential Revision: https://phabricator.services.mozilla.com/D85075
8df2391ae799510c7cf0b979294eab81cd1e0200: Bug 1654438 - Add mochi.xorigin-test to whitelistHosts pref r=gcp
Dimi Lee <dlee@mozilla.com> - Thu, 23 Jul 2020 12:22:45 +0000 - rev 541752
Push 37631 by btara@mozilla.com at Thu, 23 Jul 2020 16:21:22 +0000
Bug 1654438 - Add mochi.xorigin-test to whitelistHosts pref r=gcp In fission cross-origin mochitests, "mochi.xorigin-test" is the top-level url instead of "mochi.test". Our pairwise whitelist has to use the right top-level host accordingly to make the testcase work. Differential Revision: https://phabricator.services.mozilla.com/D84585
9c0f809e99246bcd7636a117ae50d67ab719471d: Bug 1650751 - Add FMODE_NONOTIFY to ignored file flags in Linux sandbox. r=gcp
Jed Davis <jld@mozilla.com> - Mon, 13 Jul 2020 12:18:00 +0000 - rev 540269
Push 37596 by abutkovits@mozilla.com at Tue, 14 Jul 2020 03:18:58 +0000
Bug 1650751 - Add FMODE_NONOTIFY to ignored file flags in Linux sandbox. r=gcp As of kernel 5.8 (commit [e9c15badb][]), Linux will set the internal `FMODE_NONOTIFY` flag on files that don't exist in the filesystem, including (unnamed) pipes and sockets. Although this flag isn't properly part of the userspace API, it will be returned by F_GETFL, so userspace code that tries to change file flags will pass it to F_SETFL. The implementation of `F_SETFL` has an allow list of flags userspace can change (`SETFL_MASK`) and ignores all others, but our sandbox has a list of flags *known* to be ignored, because currently unknown flags could potentially be accepted by the kernel in the future. This patch adds `FMODE_NONOTIFY` as an ignored flag. [e9c15badb]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e9c15badbb7b20ccdbadf5da14e0a68fbad51015 Differential Revision: https://phabricator.services.mozilla.com/D83205
042425712eb127ecceca3d981c33ce3d0d5d1e8f: Bug 1651701 - Allow rseq in the Linux sandboxes. r=gcp
Jed Davis <jld@mozilla.com> - Mon, 13 Jul 2020 12:56:24 +0000 - rev 540266
Push 37596 by abutkovits@mozilla.com at Tue, 14 Jul 2020 03:18:58 +0000
Bug 1651701 - Allow rseq in the Linux sandboxes. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D83142
5980f36397c52d08215ad85b60b34c68a765d72d: Bug 1640345 - Add a hidden pref to prevent sandboxed content processes from connecting to the X server. r=gcp
Jed Davis <jld@mozilla.com> - Wed, 01 Jul 2020 21:10:36 +0000 - rev 539614
Push 37583 by abutkovits@mozilla.com at Thu, 09 Jul 2020 21:37:35 +0000
Bug 1640345 - Add a hidden pref to prevent sandboxed content processes from connecting to the X server. r=gcp This adds the boolean pref security.sandbox.content.headless (on Linux only) which does two things: 1. Sets the MOZ_HEADLESS env var for content processes, so that they don't initialize GTK and don't connect to the X server. 2. Disallows brokered access to parts of the filesystem used only for graphics -- most critically connecting to the X11 socket itself, but also opening GPU device nodes and the parts of sysfs used by Mesa, for example. This is experimental; use at your own risk. Setting this pref will break native widgets, so it's also necessary to set widget.disable-native-theme-for-content. Additionally, it breaks Flash and WebGL; see bug 1638466 for the latter. Differential Revision: https://phabricator.services.mozilla.com/D81425
c19de94931de729e3b2f0913fdcce5fba2ad3ee3: Bug 1644917 - Part 2: Cache as much of the content sandbox file policy as possible. r=gcp,Gijs
Jed Davis <jld@mozilla.com> - Thu, 02 Jul 2020 11:26:11 +0000 - rev 539613
Push 37583 by abutkovits@mozilla.com at Thu, 09 Jul 2020 21:37:35 +0000
Bug 1644917 - Part 2: Cache as much of the content sandbox file policy as possible. r=gcp,Gijs Now that filesystem broker policy entries that depend on prefs can be cached in the "common" policy object, let's do this wherever possible. Partially fixes bug 1600189. Differential Revision: https://phabricator.services.mozilla.com/D81424
4ae86938c750dce839d01e57c9638af5f05ca535: Bug 1644917 - Part 1: Construct content sandbox "common" policy lazily. r=gcp,Gijs
Jed Davis <jld@mozilla.com> - Thu, 02 Jul 2020 11:27:21 +0000 - rev 539612
Push 37583 by abutkovits@mozilla.com at Thu, 09 Jul 2020 21:37:35 +0000
Bug 1644917 - Part 1: Construct content sandbox "common" policy lazily. r=gcp,Gijs When the SandboxBrokerPolicyFactory is constructed, prefs aren't available, which constrains the cached subset of the content process policy to entries that don't depend on prefs. Delaying the computation until a content process is started removes that restriction. (This also delays the reading of dynamic linker configuration to discover library directories, so a test needs to be adjusted.) Differential Revision: https://phabricator.services.mozilla.com/D81423
517da87860301c78bed1bcb507305453e0949e9f: Bug 1644917 - Part 0: Make AddDynamicPathList a static non-member function. r=gcp
Jed Davis <jld@mozilla.com> - Wed, 01 Jul 2020 20:49:19 +0000 - rev 539611
Push 37583 by abutkovits@mozilla.com at Thu, 09 Jul 2020 21:37:35 +0000
Bug 1644917 - Part 0: Make AddDynamicPathList a static non-member function. r=gcp Not strictly necessary, but I noticed this while I was making changes: AddDynamicPathList can be a simple static function instead of a private static method, and doesn't need to be in the header. Differential Revision: https://phabricator.services.mozilla.com/D81422
2b560ad42c0da7d4ce3bd08cc895ace4911357bb: Bug 1640612 - Allow socket process to read /etc, r=gcp
Kershaw Chang <kershaw@mozilla.com> - Fri, 26 Jun 2020 08:32:46 +0000 - rev 538443
Push 37563 by cbrindusan@mozilla.com at Thu, 02 Jul 2020 21:49:48 +0000
Bug 1640612 - Allow socket process to read /etc, r=gcp Differential Revision: https://phabricator.services.mozilla.com/D80718
fc28751a49a37db293d75c01e3f5ea71f200bf91: Bug 1513674 - Remove nsIMemoryReporter from fixed-length prefix. r=gcp
Dimi Lee <dlee@mozilla.com> - Tue, 30 Jun 2020 05:40:02 +0000 - rev 537921
Push 37555 by cbrindusan@mozilla.com at Tue, 30 Jun 2020 14:45:59 +0000
Bug 1513674 - Remove nsIMemoryReporter from fixed-length prefix. r=gcp Right now, no matter which SafeBrowsing protocol we use (V2 or V4), we always use variable-length prefix set to store prefixes. Since nsUrlClassifierPrefixSet is a member of VariableLengthPrefixSet and it is never used alone, we can remove nsIMemoryReporter from it to prevent calculating the same memory report twice. Differential Revision: https://phabricator.services.mozilla.com/D81171
0f8b6494d3eb9dad4c7f455f5ee89ad2a2d77e5b: Bug 1640345 - Add a hidden pref to prevent sandboxed content processes from connecting to the X server. r=gcp
Jed Davis <jld@mozilla.com> - Mon, 29 Jun 2020 22:32:10 +0000 - rev 537858
Push 37554 by nbeleuzu@mozilla.com at Tue, 30 Jun 2020 10:00:42 +0000
Bug 1640345 - Add a hidden pref to prevent sandboxed content processes from connecting to the X server. r=gcp This adds the boolean pref security.sandbox.content.headless (on Linux only) which does two things: 1. Sets the MOZ_HEADLESS env var for content processes, so that they don't initialize GTK and don't connect to the X server. 2. Disallows brokered access to parts of the filesystem used only for graphics -- most critically connecting to the X11 socket itself, but also opening GPU device nodes and the parts of sysfs used by Mesa, for example. This is experimental; use at your own risk. Setting this pref will break native widgets, so it's also necessary to set widget.disable-native-theme-for-content. Additionally, it breaks Flash and WebGL; see bug 1638466 for the latter. Differential Revision: https://phabricator.services.mozilla.com/D81425
4da77f0a06873e8599172c4fe59525d364ee8f02: Bug 1644917 - Part 2: Cache as much of the content sandbox file policy as possible. r=gcp
Jed Davis <jld@mozilla.com> - Mon, 29 Jun 2020 22:32:07 +0000 - rev 537857
Push 37554 by nbeleuzu@mozilla.com at Tue, 30 Jun 2020 10:00:42 +0000
Bug 1644917 - Part 2: Cache as much of the content sandbox file policy as possible. r=gcp Now that filesystem broker policy entries that depend on prefs can be cached in the "common" policy object, let's do this wherever possible. Should also fix bug 1621231. Differential Revision: https://phabricator.services.mozilla.com/D81424
54904fe41df8c268aa6b4ed123c5c8c2c46519dd: Bug 1644917 - Part 1: Construct content sandbox "common" policy lazily. r=gcp
Jed Davis <jld@mozilla.com> - Mon, 29 Jun 2020 22:32:05 +0000 - rev 537856
Push 37554 by nbeleuzu@mozilla.com at Tue, 30 Jun 2020 10:00:42 +0000
Bug 1644917 - Part 1: Construct content sandbox "common" policy lazily. r=gcp When the SandboxBrokerPolicyFactory is constructed, prefs aren't available, which constrains the cached subset of the content process policy to entries that don't depend on prefs. Delaying the computation until a content process is started removes that restriction. Differential Revision: https://phabricator.services.mozilla.com/D81423
ef0321787c8f668187cc2ca9d3009194d0487edc: Bug 1644917 - Part 0: Make AddDynamicPathList a static non-member function. r=gcp
Jed Davis <jld@mozilla.com> - Mon, 29 Jun 2020 22:32:03 +0000 - rev 537855
Push 37554 by nbeleuzu@mozilla.com at Tue, 30 Jun 2020 10:00:42 +0000
Bug 1644917 - Part 0: Make AddDynamicPathList a static non-member function. r=gcp Not strictly necessary, but I noticed this while I was making changes: AddDynamicPathList can be a simple static function instead of a private static method, and doesn't need to be in the header. Differential Revision: https://phabricator.services.mozilla.com/D81422
c2d1a0de68749a1b00186d84a6c46b60de27279b: Bug 1640612 - Allow socket process to read /etc, r=gcp
Kershaw Chang <kershaw@mozilla.com> - Wed, 24 Jun 2020 20:43:30 +0000 - rev 537248
Push 37539 by nerli@mozilla.com at Thu, 25 Jun 2020 03:22:32 +0000
Bug 1640612 - Allow socket process to read /etc, r=gcp Differential Revision: https://phabricator.services.mozilla.com/D80718
3016761d0f895b767dd50798e923387464771b7b: Bug 1647133 - P2. Make nsIURIClassifier take a nsISerialEventTarget. r=gcp
Jean-Yves Avenard <jyavenard@mozilla.com> - Mon, 22 Jun 2020 14:46:01 +0000 - rev 536714
Push 37532 by abutkovits@mozilla.com at Tue, 23 Jun 2020 16:15:06 +0000
Bug 1647133 - P2. Make nsIURIClassifier take a nsISerialEventTarget. r=gcp The argument aEventTarget is actually never used by any caller; nullptr is always passed for it. But the code is there in case it isn't null, which would call into IProtocol::SetEventTargetFor. Depends on D80419 Differential Revision: https://phabricator.services.mozilla.com/D80421
5daace7782591a8ac4da3a9ecff53e5d095af545: Bug 1407712 - Block more versions of guard64.dll of Comodo Firewall. r=gcp
Toshihito Kikuchi <tkikuchi@mozilla.com> - Thu, 11 Jun 2020 14:36:44 +0000 - rev 535103
Push 37498 by apavel@mozilla.com at Fri, 12 Jun 2020 03:05:25 +0000
Bug 1407712 - Block more versions of guard64.dll of Comodo Firewall. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D79238
c96672fb6812dc0d93bd6e6792095c4b303ecb5e: Bug 1644642 - Use iterator-based RemoveElementsAt overload. r=gcp
Simon Giesecke <sgiesecke@mozilla.com> - Thu, 11 Jun 2020 07:17:07 +0000 - rev 535039
Push 37498 by apavel@mozilla.com at Fri, 12 Jun 2020 03:05:25 +0000
Bug 1644642 - Use iterator-based RemoveElementsAt overload. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D79032
a1d2876231fc094c37290c6bf50883d3c1b8856a: Bug 1637984 - Part 2: Block PavLspHook64.dll on Win7 and older. r=gcp
Toshihito Kikuchi <tkikuchi@mozilla.com> - Mon, 08 Jun 2020 15:43:30 +0000 - rev 534436
Push 37490 by dluca@mozilla.com at Mon, 08 Jun 2020 21:38:11 +0000
Bug 1637984 - Part 2: Block PavLspHook64.dll on Win7 and older. r=gcp Depends on D78414 Differential Revision: https://phabricator.services.mozilla.com/D78415
24100da078e3cc87192b7bfda658bf522a1eebe0: Bug 1639181 - Allow a safe subset of fd flag fcntls in the common sandbox policy. r=gcp
Jed Davis <jld@mozilla.com> - Fri, 29 May 2020 18:18:43 +0000 - rev 533590
Push 37474 by abutkovits@mozilla.com at Wed, 03 Jun 2020 09:29:05 +0000
Bug 1639181 - Allow a safe subset of fd flag fcntls in the common sandbox policy. r=gcp Content processes allow a restricted subset of F_{GET,SET}{FD,FL} that prevents setting unknown or known-unsafe flags, which was copied to the socket process policy; this patch moves it to the common policy and removes RDD's copy of GMP's override. The immediate reason for this is DMD using F_GETFL via fdopen to use a file descriptor passed over IPC, but in general this should be safe and it's a reasonable thing to expect to be able to use. Differential Revision: https://phabricator.services.mozilla.com/D77379
0b8199ac5ba9e939de887a2aff893b6b18b42dcc: Bug 1576728 - Block more versions of oly[64].dll and pdzipmenu[32|64].dll. r=gcp
Toshihito Kikuchi <tkikuchi@mozilla.com> - Mon, 18 May 2020 11:53:09 +0000 - rev 530591
Push 37428 by nbeleuzu@mozilla.com at Mon, 18 May 2020 21:48:24 +0000
Bug 1576728 - Block more versions of oly[64].dll and pdzipmenu[32|64].dll. r=gcp Since we learned these modules are a shell extension, blocking in the browser process should suffice. Differential Revision: https://phabricator.services.mozilla.com/D75606
2cedf945f040aeb3c12cf50b27f1e4b21f24e76d: Bug 1347710 - Enable Windows GPU sandbox for supported hardware r=gcp
Chris Martin <cmartin@mozilla.com> - Wed, 06 May 2020 14:03:09 +0000 - rev 528429
Push 37387 by csabou@mozilla.com at Wed, 06 May 2020 21:51:14 +0000
Bug 1347710 - Enable Windows GPU sandbox for supported hardware r=gcp Currently, there is an outstanding issue where enabling the GPU sandbox breaks scrolling using the mouse wheel on laptops with Intel GPUs. This will enable the GPU sandbox on Nightly for non-Intel GPUs to prevent any sandbox regressions while we try and figure out what the scrolling issue is. See Bug 1630860 for more info. Differential Revision: https://phabricator.services.mozilla.com/D73923
79aa34a3c0e2c416465cb41756413ffc9844968d: Bug 1626570 - Improve handling of copying arrays in toolkit/components/url-classifier/. r=gcp
Simon Giesecke <sgiesecke@mozilla.com> - Thu, 30 Apr 2020 09:40:24 +0000 - rev 526910
Push 37365 by apavel@mozilla.com at Thu, 30 Apr 2020 15:50:41 +0000
Bug 1626570 - Improve handling of copying arrays in toolkit/components/url-classifier/. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D72328