Bug 1417959 - Bump Alternate Desktop to Level 5 and make that the Default on Nightly. r=jimm, a=gchang
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1041,17 +1041,21 @@ pref("dom.ipc.plugins.sandbox-level.flas
#endif
#if defined(MOZ_CONTENT_SANDBOX)
// This controls the strength of the Windows content process sandbox for testing
// purposes. This will require a restart.
// On windows these levels are:
// See - security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
// SetSecurityLevelForContentProcess() for what the different settings mean.
+#if defined(NIGHTLY_BUILD)
+pref("security.sandbox.content.level", 5);
+#else
pref("security.sandbox.content.level", 4);
+#endif
// This controls the depth of stack trace that is logged when Windows sandbox
// logging is turned on. This is only currently available for the content
// process because the only other sandbox (for GMP) has too strict a policy to
// allow stack tracing. This does not require a restart to take effect.
pref("security.sandbox.windows.log.stackTraceDepth", 0);
#endif
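Review bot: The new `#if defined(NIGHTLY_BUILD)` branch has no comment saying what level 5 adds or why the default differs by channel, and the existing comment above it still ends on a dangling "On windows these levels are:". Going by the sandboxBroker.cpp change in this same commit, level 5 is the point at which the content process gets an alternate desktop, so I would add `// Level 5 adds the alternate desktop; default on Nightly only, other channels stay at 4.` directly above the `#if`. Without it, anyone comparing sandbox behaviour between Nightly and the other channels has to read the broker source to learn that they do not run the same policy.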
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -471,21 +471,23 @@ SandboxBroker::SetSecurityLevelForConten
sandbox::MitigationFlags mitigations =
sandbox::MITIGATION_BOTTOM_UP_ASLR |
sandbox::MITIGATION_HEAP_TERMINATE |
sandbox::MITIGATION_SEHOP |
sandbox::MITIGATION_DEP_NO_ATL_THUNK |
sandbox::MITIGATION_DEP |
sandbox::MITIGATION_EXTENSION_POINT_DISABLE;
- if (aSandboxLevel > 3) {
+ if (aSandboxLevel > 4) {
result = mPolicy->SetAlternateDesktop(false);
MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result,
"Failed to create alternate desktop for sandbox.");
+ }
+ if (aSandboxLevel > 3) {
mitigations |= sandbox::MITIGATION_IMAGE_LOAD_NO_LOW_LABEL;
// If we're running from a network drive then we can't block loading from
// remote locations.
if (!sRunningFromNetworkDrive) {
mitigations |= sandbox::MITIGATION_IMAGE_LOAD_NO_REMOTE;
}
}
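Review bot: With level 5 now the Nightly default, the `MOZ_RELEASE_ASSERT` after `SetAlternateDesktop` sits on the default launch path, so any environment where desktop creation fails becomes a crash rather than a reported sandbox failure. That is fail-closed, which is defensible, but the code should say it is intentional. The two back-to-back `if (aSandboxLevel > N)` blocks also give no indication of what each level enables, and the bare `false` argument is opaque to a reader. If the fatal behaviour is intended, I would add `// Level 5+: run content on an alternate desktop; failure to create it is fatal.` above the first block and write the call as `mPolicy->SetAlternateDesktop(/* alternate_winstation */ false);`, assuming the parameter keeps the upstream Chromium sandbox name. The function starts and ends outside this hunk, so the handling of the lower levels is not visible here.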