Open Bug 1054621 Opened 5 years ago Updated 3 years ago

Create "malicious" media plugins to test GMP sandboxing

Categories

(Core :: Security: Process Sandboxing, defect)

defect
Not set

Tracking

()

People

(Reporter: jld, Unassigned)

References

(Blocks 3 open bugs)

Details

(Whiteboard: sb+)

We should have testing that verifies that the GMP sandbox is actually effectively accomplishing sandboxing: load a plugin that (depending on the test case) tries to directly access the filesystem or network, or otherwise escape the sandbox, and then verify that the action in question doesn't succeed.

We'll need to be careful about adding cases to this testsuite corresponding to bugs founds later on, because at minimum they'd constitute proof-of-concept exploits for earlier versions, but we can cross that bridge when we come to it.
These bugs are fit and finish issues that might block EME uplift to Aurora.
Blocks: eme-m3
No longer blocks: eme-m3
Move process sandboxing bugs to the new Bugzilla component.

(Sorry for the bugspam; filter on 3c21328c-8cfb-4819-9d88-f6e965067350.)
Component: Security → Security: Process Sandboxing
Blocks: sb-test
Whiteboard: sb+
See Also: → 1309394
You need to log in before you can comment on or make changes to this bug.