Wouldn't it make sense to keep using RDD process (but slightly changing its sandbox: 1698778 comment 10) - until the apparently upcoming GPUFallback utility process can be used - to make things consistent across platforms?

https://firefox-source-docs.mozilla.org/dom/ipc/process_model.html#data-decoder-rdd-process
> Data Decoder (RDD) Process
> This process is in the process of being restructured into a generic “utility” process type for running untrusted code in a maximally secure sandbox. After these changes, the following new process types will exist, replacing the RDD process:
>
> * Utility: A maximally sandboxed process used to host untrusted code which does not require access to OS resources. This process will be even more sandboxed than RDD today on Windows, where the RDD process has access to Win32k.
> * UtilityWithWin32k: A Windows-only process with the same sandboxing as the RDD process today. This will be used to host untrusted sandboxed code which requires access to Win32k to allow decoding directly into GPU surfaces.
> * GPUFallback: A Windows-only process using the GPU process’ sandboxing policy which will be used to run Windows Media Foundation (WMF) when the GPU process itself is unavailable, allowing UtilityWithWin32k to re-enable Arbitrary Code Guard (ACG) on Windows.
Bug 1733680 Comment 7 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Wouldn't it make sense to keep using RDD process (but slightly changing its sandbox: bug 1698778 comment 10) - until the apparently upcoming GPUFallback utility process can be used - to make things consistent across platforms?

https://firefox-source-docs.mozilla.org/dom/ipc/process_model.html#data-decoder-rdd-process
> Data Decoder (RDD) Process
> This process is in the process of being restructured into a generic “utility” process type for running untrusted code in a maximally secure sandbox. After these changes, the following new process types will exist, replacing the RDD process:
>
> * Utility: A maximally sandboxed process used to host untrusted code which does not require access to OS resources. This process will be even more sandboxed than RDD today on Windows, where the RDD process has access to Win32k.
> * UtilityWithWin32k: A Windows-only process with the same sandboxing as the RDD process today. This will be used to host untrusted sandboxed code which requires access to Win32k to allow decoding directly into GPU surfaces.
> * GPUFallback: A Windows-only process using the GPU process’ sandboxing policy which will be used to run Windows Media Foundation (WMF) when the GPU process itself is unavailable, allowing UtilityWithWin32k to re-enable Arbitrary Code Guard (ACG) on Windows.