Closed
Bug 1054621
Opened 10 years ago
Closed 3 years ago
Create "malicious" media plugins to test GMP sandboxing
Categories
(Core :: Security: Process Sandboxing, defect)
Core
Security: Process Sandboxing
Tracking
()
RESOLVED
FIXED
91 Branch
| Tracking | Status | |
|---|---|---|
| firefox91 | --- | fixed |
People
(Reporter: jld, Assigned: gerard-majax)
References
(Blocks 3 open bugs)
Details
(Whiteboard: sb+)
Attachments
(1 file, 1 obsolete file)
We should have testing that verifies that the GMP sandbox is actually effectively accomplishing sandboxing: load a plugin that (depending on the test case) tries to directly access the filesystem or network, or otherwise escape the sandbox, and then verify that the action in question doesn't succeed. We'll need to be careful about adding cases to this testsuite corresponding to bugs founds later on, because at minimum they'd constitute proof-of-concept exploits for earlier versions, but we can cross that bridge when we come to it.
|
||
Comment 1•10 years ago
|
||
These bugs are fit and finish issues that might block EME uplift to Aurora.
Blocks: eme-m3
|
Reporter | |
Comment 2•9 years ago
|
||
Move process sandboxing bugs to the new Bugzilla component. (Sorry for the bugspam; filter on 3c21328c-8cfb-4819-9d88-f6e965067350.)
Component: Security → Security: Process Sandboxing
|
Assignee | |
Comment 3•3 years ago
|
||
Depends on D116894
|
||
Updated•3 years ago
|
Attachment #9226163 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 4•3 years ago
|
||
Depends on D116894
|
|
||
Updated•3 years ago
|
Assignee: nobody → lissyx+mozillians
Status: NEW → ASSIGNED
Pushed by alissy@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4cffc89eeda4 Add GMPlugin Sandbox Tests r=handyman,bryce
|
||
Comment 6•3 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox91:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 91 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•