Closed
Bug 979590
Opened 11 years ago
Closed 11 years ago
--enable-content-sandbox-reporter by default
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
FIXED
mozilla30
People
(Reporter: jld, Assigned: jld)
References
Details
Attachments
(1 file)
|
(deleted),
patch
|
khuey
:
review+
kang
:
review+
|
Details | Diff | Splinter Review |
Currently we use gonk-misc/default-gecko-config to add --enable-content-sandbox-reporter on b2g eng builds, but I feel that we'd want the crash reporter integration on production builds as well, so that if any sandboxing oversights make it past testing we'll be aware of that instead of not.
Consensus seems to be that not immediately killing the process isn't a significant change in security — in particular, the seccomp filter program is public, so being able to probe it by catching the SIGSYS isn't useful.
|
Assignee | |
Comment 1•11 years ago
|
||
Trying: https://tbpl.mozilla.org/?tree=Try&rev=dd3a4274c75b
Tested locally with a userdebug build (and a modified seccomp_filter.h).
Attachment #8386473 -
Flags: review?(khuey)
Attachment #8386473 -
Flags: review?(gdestuynder)
Attachment #8386473 -
Flags: review?(khuey) → review+
Attachment #8386473 -
Flags: review?(gdestuynder) → review+
|
|
Assignee | |
Updated•11 years ago
|
Keywords: checkin-needed
|
||
Comment 2•11 years ago
|
||
Keywords: checkin-needed
|
|
||
Comment 3•11 years ago
|
||
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla30
You need to log in
before you can comment on or make changes to this bug.
Description
•