tl;dr: Please enable fission.enforceBlocklistedPrefsInSubprocesses and fission.omitBlocklistedPrefsInSubprocesses in Nightly.
Now that we have shipped Fission, we would like to disable the Spectre mitigations (on Desktop)[0] to regain the performance cost incurred by them. Before doing so, we are working to ensure that data present in the content process has been evaluated for sensitivity and removed where appropriate. One of the items there is sensitive preference values; there are some the content process doesn't need and that we wouldn't want to expose to an attacker. Here's[1] our list if you're curious, and it also algorithmically excludes dynamically named string preferences. From opt-in testing so far we are pretty sure this is safe to do and won't cause problems. But we want to expand the opt-in process before enabling it by default. This is because if a sensitive preference is accessed in the content process we will crash with the name of the preference present in the crash report. (Not the value, just name.) We really should not be creating dynamically named preferences that include user data in the name, but we know of the print.printer_ preferences so it's not out of the question. We don't know of any others, but to be as conservative as possible, we are doing a staged opt-in rollout before we enable it by default. If you do hit one of these corner cases (and no one has so far) you will get a content process crash, and it will submit the name of the sensitive preference accessed in the crash report, which is restricted behind the allowlisting that crash-stats does for user accounts to have access to sensitive information. Thanks for your help. -tom [0] https://bugzilla.mozilla.org/show_bug.cgi?id=1707955 [1] https://searchfox.org/mozilla-central/rev/21e50ef42340c421c5ae2df29f2509d17339c239/modules/libpref/Preferences.cpp#5768 -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CADua4_u0_2AUXpW%3D0_YKuAsz0tUcX44HBUN8L8b%2Bz-nzu7Xc1A%40mail.gmail.com.
