Open Bug 614351 Opened 14 years ago Updated 2 years ago

deny JS-ctypes access to addon (e10s) child processes

Categories: Core :: XPCOM, defect

Tracking Status: e10s later

People: Reporter: warner, Unassigned

Details

bsmedberg mentioned a while back that they were adding JS-ctypes access to E10S child processes. To help maintain confinement of Jetpack addons (specifically the code that runs outside of the main browser process), we'd like to turn this off. In particular, when the main process launches a new jetpack process, we'd like a flag that lets us disable js-ctypes in the child.

The goal is this: if sandboxing fails in the child process, such that it starts executing hostile JavaScript without confinement, we'd like to limit the damage that the evil code can do. Without js-ctypes, it is limited to sending messages to the parent process (so the damage is limited to whatever the parent is willing to do in response to those messages). If the child *does* have js-ctypes access, then it has compromised the entire user account.

I'm not sure what Product/Component this should be attached to, but I'll start with jetpack and hope that someone who knows more than me can assign it appropriately.
Component: General → XPCOM
Product: Add-on SDK → Core
QA Contact: general → xpcom
Target Milestone: -- → ---
Version: unspecified → Trunk
For reference, bug 588563 is where ctypes were exposed to the jetpack process. Setting product/component to match.
Severity: normal → S3