Bug 1619585 Comment 13 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

(In reply to Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧ from comment #12)
> The driver does in fact appear to be using SysV IPC; [here, for example][a-semget].  This is… not great; SysV IPC's security model is based only on uid/gid and as far as I know there's no way to use a broker to restrict access as we do with regular file accesses (by passing fds with `SCM_RIGHTS`).
As mentioned in the bug where this feature was added.

This code must run in the GPU or RDD process. It shouldn't run in the content process as it does now.

So I don't believe the priority to fix this bug as-is to be high, nor a sandboxing issue.

(In reply to Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧ from comment #12)
> The driver does in fact appear to be using SysV IPC; [here, for example][a-semget].  This is… not great; SysV IPC's security model is based only on uid/gid and as far as I know there's no way to use a broker to restrict access as we do with regular file accesses (by passing fds with `SCM_RIGHTS`).

As mentioned in the bug where this feature was added.
This code must run in the GPU or RDD process. It shouldn't run in the content process as it does now.

So I don't believe the priority to fix this bug as-is to be high, nor a sandboxing issue.
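To make the contrast in the quoted comment concrete (an added example, not code from this bug or from Firefox): a file descriptor brokered over a UNIX socket with `SCM_RIGHTS` is usable by the receiver without any path or permission of its own, whereas a SysV semaphore set is reached by key alone, so a second `semget()` with the same key succeeds with no descriptor exchanged and nothing but uid/gid and the mode bits checked. `/dev/null` and the key `0x5EC0DE` are constructed stand-ins for the demo.

```c
#include <sys/socket.h>
#include <sys/ipc.h>
#include <sys/sem.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>

/* Broker side: hand an already-open fd to the peer over a UNIX socket with SCM_RIGHTS. */
static int send_fd(int sock, int fd) {
    char byte = 0, cbuf[CMSG_SPACE(sizeof(int))] = {0};
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS; c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Sandboxed side: the received fd is usable with no path lookup or permission of its own. */
static int recv_fd(int sock) {
    char byte, cbuf[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    int fd; memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* 1 if an fd brokered over SCM_RIGHTS is usable by the receiver (/dev/null stands in for a brokered file). */
int brokered_fd_works(void) {
    int sv[2], fd = -1, got = -1, ok = 0; char c;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return 0;
    if ((fd = open("/dev/null", O_RDONLY)) >= 0 && send_fd(sv[0], fd) == 0 && (got = recv_fd(sv[1])) >= 0)
        ok = read(got, &c, 1) == 0;                /* /dev/null: read succeeds with 0 bytes */
    if (fd >= 0) close(fd); if (got >= 0) close(got); close(sv[0]); close(sv[1]);
    return ok;
}

/* SysV contrast: the set is addressed by key, so a second semget() with the same key succeeds with
   no fd and no broker; returns 1 if reachable, 0 if not, -1 if SysV IPC is unavailable here. */
int sysv_reachable_by_key(void) {
    key_t key = 0x5EC0DE;                          /* constructed key for the demo */
    int id = semget(key, 1, IPC_CREAT | 0600);     /* only uid/gid and these mode bits gate access */
    if (id < 0) return -1;
    int ok = semget(key, 1, 0600) == id;
    semctl(id, 0, IPC_RMID);                       /* remove the set again */
    return ok;
}
```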