Opened 4 months ago

Closed 2 months ago

Last modified 13 days ago

#23970 closed defect (fixed)

Printing to a file is broken with Linux content sandboxing enabled

Reported by: gk Owned by: pospeselr
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff60-esr-will-have, AffectsTails, tbb-regression, TorBrowserTeam201712R
Cc: intrigeri, pospeselr, fdsfgs@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

While investigating #23016 it turned out that the newly enabled content sandboxing prevents from printing to a file not only on particular Linux setups but outright denies it.

The reason for that is https://bugzilla.mozilla.org/show_bug.cgi?id=1309205. We need to backport

https://hg.mozilla.org/mozilla-central/rev/5c25a123203a
https://hg.mozilla.org/mozilla-central/rev/2797f193a147
https://hg.mozilla.org/mozilla-central/rev/5b9702d8fe4e

and

https://hg.mozilla.org/mozilla-central/rev/5e7872cb3b5c

to fix that. As a workaround one can set security.sandbox.content.level to 1.

Child Tickets

Change History (25)

comment:1 Changed 4 months ago by gk

Keywords: TorBrowserTeam201710 GeorgKoppen201710 added

comment:2 Changed 4 months ago by tokotoko

Cc: fdsfgs@… added

comment:3 Changed 4 months ago by gk

Keywords: GeorgKoppen201711 added; GeorgKoppen201710 removed

Moving my tickets to November.

comment:4 Changed 4 months ago by gk

Keywords: TorBrowserTeam201711 added; TorBrowserTeam201710 removed

Moving tickets over to November.

comment:5 Changed 3 months ago by gk

See #24177, too.

comment:7 Changed 3 months ago by pospeselr

Owner: changed from tbb-team to pospeselr
Status: newassigned

comment:8 Changed 3 months ago by gk

Keywords: GeorgKoppen201711 removed

comment:9 Changed 3 months ago by pospeselr

Keywords: GeorgKoppen201711 TorBrowserTeam201711R added; TorBrowserTeam201711 removed
Status: assignedneeds_review

Verifying patch builds on Windows and OSX, but this should be a Linux-only change.

comment:10 Changed 3 months ago by gk

Keywords: TorBrowserTeam201711 added; GeorgKoppen201711 TorBrowserTeam201711R removed
Status: needs_reviewneeds_revision

I have not looked closer at the backport but here are some things we should fix:

1) Looking at the dependencies for bug 1309205 it seems to me we need to backport https://hg.mozilla.org/mozilla-central/rev/997c6b961cd0.

2) We should have one commit per Mozilla commit. This makes it easier to review the backport at least. It might even make it easier to narrow problems down during bisecting if we don't have just a big patch comprising all the changesets.

3) "Issue 23970" -> "Bug 23970"

comment:11 Changed 3 months ago by pospeselr

Keywords: TorBrowserTeam201711R added; TorBrowserTeam201711 removed
Status: needs_revisionneeds_review

Split up the original patch into it's component firefox patches, and also added change 997c6b961cd0.

comment:12 Changed 3 months ago by gk

Keywords: TorBrowserTeam201712R added; TorBrowserTeam201711R removed

Moving review tickets over to December

comment:13 Changed 2 months ago by gk

The backport looks good. I think we should somehow keep the original Mozilla bug number at least (maybe even the patch author information) as this helps us finding patches in our tree. Especially in the case where you are referencing the mercurial patch while we are working with git. There are probably more folks who have mozilla-central as a git remote then an additional mercurial checkout of that branch. See comment:10:ticket:22084 for a workflow that works for me at least (not a thing you must or should follow, just something that makes it easy to deal with tor-browser and Mozilla's code in a git repository).

I know you are at the All Hands meeting. If you could find time to add at least the Mozilla bug number until Monday, great. Otherwise I'd take the patches as-is as I want to have that in the next alpha.

comment:14 Changed 2 months ago by gk

Oh, and just for posterity: part of the proposed backport (of 2797f193a147) already landed in ESR 52 previously, see: https://bugzilla.mozilla.org/show_bug.cgi?id=1343813 and https://hg.mozilla.org/releases/mozilla-esr52/rev/90f870bbec29).

comment:15 Changed 2 months ago by pospeselr

Updated all the patches to include the associated Mozilla bug numbers

comment:16 Changed 2 months ago by gk

Resolution: fixed
Status: needs_reviewclosed

Thanks! Applied to tor-browser-52.5.2esr-7.5-2 as commit
9dadb90813c148d623d3bd35b629eebf499d27c4
2a11447e4fb8ec6d64031cc41bdcef97603343cb
8d7757dbd40f4619f84dc51853c81186a22b0160
b23c1c6e66cfca06fb3a3c9ad370fcd466ecb963
e1e2517a187f7a867f819c7294e62d93ad32b1ba

comment:17 in reply to:  16 ; Changed 2 months ago by intrigeri

Replying to gk:

Thanks! Applied to tor-browser-52.5.2esr-7.5-2

Amazing!

My understanding is that 7.5 is the alpha branch currently. When can we expect this fix to make it into a Tor Browser stable release?

comment:18 in reply to:  17 Changed 2 months ago by gk

Replying to intrigeri:

Replying to gk:

Thanks! Applied to tor-browser-52.5.2esr-7.5-2

Amazing!

My understanding is that 7.5 is the alpha branch currently. When can we expect this fix to make it into a Tor Browser stable release?

If nothing blows up in the alpha in Tor Browser 7.5 which is due on Jan 23, 2018.

comment:19 Changed 13 days ago by cypherpunks

Keywords: ff60-esr-will-have added; ff59-esr-will-have removed
Note: See TracTickets for help on using tickets.