Landry Breuil wrote:
> > I'm suggesting that ignoring the technical, and focusing on the
> > political, being expedient at "reduction of patches", and bending over
> > backwards to please Mozilla people who don't understand unveil/pledge,
> > has caused harm here. It is turning a serious attempt
On Tue, Sep 24, 2019 at 12:57:57PM -0600, Theo de Raadt wrote:
> Landry Breuil wrote:
>
> > On Tue, Sep 24, 2019 at 11:13:38AM -0600, Theo de Raadt wrote:
> > > Landry Breuil wrote:
> > >
> > > > On Tue, Sep 24, 2019 at 06:43:51AM -0600, Theo de Raadt wrote:
> > > > > joshua stein wrote:
> > >
Landry Breuil wrote:
> On Tue, Sep 24, 2019 at 11:13:38AM -0600, Theo de Raadt wrote:
> > Landry Breuil wrote:
> >
> > > On Tue, Sep 24, 2019 at 06:43:51AM -0600, Theo de Raadt wrote:
> > > > joshua stein wrote:
> > > >
> > > > > I don't like the pledge and unveil settings being in preference
On Tue, Sep 24, 2019 at 11:13:38AM -0600, Theo de Raadt wrote:
> Landry Breuil wrote:
>
> > On Tue, Sep 24, 2019 at 06:43:51AM -0600, Theo de Raadt wrote:
> > > joshua stein wrote:
> > >
> > > > I don't like the pledge and unveil settings being in preferences for
> > > > these and other reason
Landry Breuil wrote:
> On Tue, Sep 24, 2019 at 06:43:51AM -0600, Theo de Raadt wrote:
> > joshua stein wrote:
> >
> > > I don't like the pledge and unveil settings being in preferences for
> > > these and other reasons, but it's currently what Mozilla people are
> > > asking for in order to g
Landry Breuil wrote:
> On Tue, Sep 24, 2019 at 06:43:51AM -0600, Theo de Raadt wrote:
> > joshua stein wrote:
> >
> > > I don't like the pledge and unveil settings being in preferences for
> > > these and other reasons, but it's currently what Mozilla people are
> > > asking for in order to g
Landry Breuil wrote:
> On Tue, Sep 24, 2019 at 06:43:51AM -0600, Theo de Raadt wrote:
> > joshua stein wrote:
> >
> > > I don't like the pledge and unveil settings being in preferences for
> > > these and other reasons, but it's currently what Mozilla people are
> > > asking for in order to g
On Tue, Sep 24, 2019 at 06:43:51AM -0600, Theo de Raadt wrote:
> joshua stein wrote:
>
> > I don't like the pledge and unveil settings being in preferences for
> > these and other reasons, but it's currently what Mozilla people are
> > asking for in order to get reviewed/upstreamed and is how t
joshua stein wrote:
> I don't like the pledge and unveil settings being in preferences for
> these and other reasons, but it's currently what Mozilla people are
> asking for in order to get reviewed/upstreamed and is how their own
> sandboxing on other platforms is controlled
> (security.sand
On Mon, 23 Sep 2019 at 18:46:58 -0300, Anatoli wrote:
> > But to clarify, I'm not proposing to commit what I'm sending out,
> > this is just to get feedback from Firefox users so I can refine the
> > changes that are going upstream. Then once they are committed or at
> > least slated for inclus
> But to clarify, I'm not proposing to commit what I'm sending out,
> this is just to get feedback from Firefox users so I can refine the
> changes that are going upstream. Then once they are committed or at
> least slated for inclusion, we can figure out how to integrate them
> into our port(
On Sun, Sep 22, 2019 at 06:52:58PM +0200, Landry Breuil wrote:
> On Sun, Sep 22, 2019 at 11:15:53AM -0500, joshua stein wrote:
> > On Sun, 22 Sep 2019 at 14:13:02 +0200, prx wrote:
> > > [snip]
> > > >
> > > > Everyone using firefox should definitely add its own usecases on top and
> > > > test th
On Sun, Sep 22, 2019 at 06:53:08PM +0200, prx wrote:
> * joshua stein le [22-09-2019 11:15:53 -0500]:
> > Do you have XDG_CONFIG_HOME, XDG_DATA_HOME, or XDG_CACHE_HOME set in
> > your environment?
> >
>
> None of them:
>
> $ echo $XDG_CONFIG_HOME - $XDG_DATA_HOME - $XDG_CACHE_HOME
>
On Fri, Sep 20, 2019 at 10:00:32AM -0500, joshua stein wrote:
> (I'm going to keep trying to send this until I get it right!)
>
>
> I've been working on enhancing the security of our Firefox port over
> the past couple weeks and would like some wider testing.
>
> - Firefox's GPU process gains pl
On Sun, Sep 22, 2019 at 11:15:53AM -0500, joshua stein wrote:
> On Sun, 22 Sep 2019 at 14:13:02 +0200, prx wrote:
> > [snip]
> > >
> > > Everyone using firefox should definitely add its own usecases on top and
> > > test this. The idea is to refine the paths list until we have something
> > > we'r
* joshua stein le [22-09-2019 11:15:53 -0500]:
> On Sun, 22 Sep 2019 at 14:13:02 +0200, prx wrote:
> > [snip]
> > >
> > > Everyone using firefox should definitely add its own usecases on top and
> > > test this. The idea is to refine the paths list until we have something
> > > we're confident wi
On Sun, 22 Sep 2019 at 14:13:02 +0200, prx wrote:
> [snip]
> >
> > Everyone using firefox should definitely add its own usecases on top and
> > test this. The idea is to refine the paths list until we have something
> > we're confident with, then defaults will be pushed upstream. In the
> > meanti
> unveil(/.config/.config/.local/share/.cache/dconf, rwc) failed: 2
Let me just say wow, what a schizophrenic pathname.
[snip]
>
> Everyone using firefox should definitely add its own usecases on top and
> test this. The idea is to refine the paths list until we have something
> we're confident with, then defaults will be pushed upstream. In the
> meantime, we'll work with upstream to get the plumbing/logic commite
Landry Breuil writes:
> On Fri, Sep 20, 2019 at 10:00:32AM -0500, joshua stein wrote:
>
>
>
>> These patches are being tracked upstream and landry@ will help to
>> get them integrated once they are stable, although this review
>> process may take a while and it will probably take a while before
On Fri, Sep 20, 2019 at 10:00:32AM -0500, joshua stein wrote:
> These patches are being tracked upstream and landry@ will help to
> get them integrated once they are stable, although this review
> process may take a while and it will probably take a while before
> they reach a mainline release:
On Fri, Sep 20, 2019 at 10:00:32AM -0500, joshua stein wrote:
> (I'm going to keep trying to send this until I get it right!)
>
>
> I've been working on enhancing the security of our Firefox port over
> the past couple weeks and would like some wider testing.
>
> - Firefox's GPU process gains pl
> > After *all* these years, I don't understand why we are still pretending to
> > be
> > able to install stuff outside of /usr/local.
> > It causes nothing but pain for porters for absolutely *0* benefit. Because
> > it's
> > a promise we cannot hold.
> > Can't we just agree that VARBASE is /var
On 2019/09/20 19:03, Antoine Jacoutot wrote:
> > > Ports shouldn't use hardcoded /usr/local - the diff attached uses
> > > ${LOCALBASE}/${TRUEPREFIX} instead of /usr/local as appropriate,
> > > ${X11BASE} instead of /usr/X11R6, ${SYSCONFDIR} for the /etc files
> > > that comes from ports rather tha
> > Ports shouldn't use hardcoded /usr/local - the diff attached uses
> > ${LOCALBASE}/${TRUEPREFIX} instead of /usr/local as appropriate,
> > ${X11BASE} instead of /usr/X11R6, ${SYSCONFDIR} for the /etc files
> > that comes from ports rather than base, and ${SUBST_CMD} in
> > post-patch to substit
On Fri, 20 Sep 2019 at 11:44:58 -0500, joshua stein wrote:
> On Fri, 20 Sep 2019 at 17:33:40 +0100, Stuart Henderson wrote:
> > On 2019/09/20 10:00, joshua stein wrote:
> > > While the Chrome port uses separate files in /etc/chromium for
> > > unveil file lists, these patches use new comma-separate
On Fri, 20 Sep 2019 at 17:33:40 +0100, Stuart Henderson wrote:
> On 2019/09/20 10:00, joshua stein wrote:
> > While the Chrome port uses separate files in /etc/chromium for
> > unveil file lists, these patches use new comma-separated
> > about:config keys for them.
>
> > onts r,/etc/machine-id r,/
On 2019/09/20 10:00, joshua stein wrote:
> While the Chrome port uses separate files in /etc/chromium for
> unveil file lists, these patches use new comma-separated
> about:config keys for them.
> onts r,/etc/machine-id r,/etc/mailcap r,/tmp rwc,/usr/bin/lpr rx,/usr/local=
> /bin/gio-launch-deskto
(I'm going to keep trying to send this until I get it right!)
I've been working on enhancing the security of our Firefox port over
the past couple weeks and would like some wider testing.
- Firefox's GPU process gains pledge(2) support, now all three
process types (main, content, and gpu) are
(Sorry, e-mail problems mangled the first attempt at this.)
I've been working on enhancing the security of our Firefox port over
the past couple weeks and would like some wider testing.
- Firefox's GPU process gains pledge(2) support, now all three
process types (main, content, and gpu) are ple
On Fri, 20 Sep 2019 at 09:26:17 -0500, joshua stein wrote:
> And of course the patch got mangled...
>
>
> Index: Makefile
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
Ok, I give up.
https://jcs.org/patches/ff-port-unveil6.diff
And of course the patch got mangled...
Index: Makefile
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /cvs/ports/www/mozilla-fir
I've been working on enhancing the security of our Firefox port over
the past couple weeks and would like some wider testing.
- Firefox's GPU process gains pledge(2) support, now all three
process types (main, content, and gpu) are pledged.
- The inet permission is removed from content proce