Policies set via GPO can be bypassed/canceled by using an invalid policies.json file
Categories
(Firefox :: Enterprise Policies, defect, P1)
Tracking
Release | Tracking | Status |
---|---|---|
firefox73 | --- | unaffected |
firefox74 | --- | verified |
firefox75 | --- | verified |
People
(Reporter: emilghitta, Assigned: mkaply)
References
(Regression)
Details
(Keywords: regression)
Attachments
(1 obsolete file)
Affected versions
- Firefox 75.0a1 (BuildId:20200216210001)
- Firefox 74.0b1 (BuildId:20200210140608)
Unaffected versions
- Firefox 73.0 (BuildId:20200207195153)
Affected platforms
- Windows 10 64bit.
Preconditions
Enable several policies via GPO (ex: Disable Private Browsing and Disable Firefox Screenshots)
Steps to reproduce
- Create a distribution folder inside your Firefox path.
- Add a policies.json file which contains invalid entries.
- Launch Firefox.
- Access the about:policies page.
Expected result
- Policies that were previously set via GPO are being successfully displayed inside the about:policies page and they are successfully applied. (In this case Private Browsing and Firefox Screenshots should be disabled).
Actual result
- Policies that were previously set via GPO are not applied. (In this case Private Browsing and Firefox Screenshots are enabled.)
Regression Range
- I think that this may have come with the changes performed in Bug 1552600
Note
Example of invalid policies.json file content:
```
{
  "policies": {
    "DisableTelemetry": true,
    "DisableMasterPasswordCreation": true,
    "Locke
  }
}
```
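A defender-side check for the condition in this report, added here as an example and not part of the bug report or of Firefox's code: it flags a `distribution/policies.json` that does not parse, the state that cancelled the GPO policies on the affected builds. Python's `json` module stands in for Firefox's parser (an assumption), and the function names and status strings are hypothetical.

```python
import json
import tempfile
from pathlib import Path

# Constructed sample: the invalid policies.json content quoted in the report.
INVALID_SAMPLE = '''{
"policies": {
"DisableTelemetry": true,
"DisableMasterPasswordCreation": true,
"Locke
}
}'''


def audit_policies_json(firefox_dir):
    """Return (status, detail) for <firefox_dir>/distribution/policies.json."""
    path = Path(firefox_dir) / "distribution" / "policies.json"
    if not path.is_file():
        return "absent", str(path)
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except UnicodeDecodeError as exc:
        return "invalid-json", f"not UTF-8: {exc.reason}"
    except json.JSONDecodeError as exc:
        return "invalid-json", f"line {exc.lineno}, column {exc.colno}: {exc.msg}"
    # A file that parses but has no "policies" object is also worth a look.
    if not isinstance(data, dict) or not isinstance(data.get("policies"), dict):
        return "bad-structure", 'top level must be an object with a "policies" object'
    return "ok", ", ".join(sorted(data["policies"])) or "(no policies)"


def demo():
    """Run the audit against constructed (hypothetical) install directories."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        for name, content in [("broken", INVALID_SAMPLE),
                              ("good", '{"policies": {"DisableTelemetry": true}}'),
                              ("odd", '["DisableTelemetry"]')]:
            dist = Path(root) / name / "distribution"
            dist.mkdir(parents=True)
            (dist / "policies.json").write_text(content, encoding="utf-8")
            results[name] = audit_policies_json(Path(root) / name)
        results["none"] = audit_policies_json(Path(root) / "missing")
    return results


if __name__ == "__main__":
    for name, (status, detail) in demo().items():
        print(f"{name}: {status} ({detail})")
```

On a GPO-managed machine, any status other than "absent" or "ok" is the one to investigate, since the file lives in the install directory rather than in the registry policy keys.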
Reporter
Comment 1•4 years ago
Hi Mike,
I think that Bug 1552600 may have introduced this behavior.
Can you please take a look?
Thank you!
Assignee
Comment 2•4 years ago
Assignee
Comment 3•4 years ago
Thanks!
Interestingly enough, this bug was there in the very beginning of the policy engine, but was exposed by my patch:
Pushed by mozilla@kaply.com:
https://hg.mozilla.org/integration/autoland/rev/8bd615a461b7
Invalid hasPolicies check. r=mconley
Comment 5•4 years ago
Backed out for xpcshell failures on EnterprisePolicies.js
Backout link: https://hg.mozilla.org/integration/autoland/rev/31bc0ae892778b5c8e1f100bd8a7f2c59adf7811
Log link: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=289401599&repo=autoland&lineNumber=2932
There were also bc failures on browser_policies_notice_in_aboutpreferences.js: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=289401890&repo=autoland&lineNumber=17246
Assignee
Comment 6•4 years ago
I've backed out the original patch while I do more investigation.
Comment 7•4 years ago
74 and 75 are fixed by the backout in bug 1552600, adjusting flags. It would be good to have QA verify that the backout did fix the problem here though.
Reporter
Comment 8•4 years ago
I can confirm that the backout for Bug 1552600 fixes this issue.
Tested with Firefox 74.0b8 (BuildId:20200226031638) and Firefox 75.0a1 (BuildId:20200226092757).
Mike, should we address the follow-up work for this underlying issue in another place? (Should I file a new issue or a task maybe?)
Thank you!
Assignee
Comment 9•4 years ago
I think we should just leave this for now and I'll double check it when I redo bug 1552600.
Assignee
Comment 10•3 years ago
I'm finally fixing bug 1552600 and I'm duping this to that bug because I fixed this specific case and I added a test for it.