Closed Bug 1124817 Opened 5 years ago Closed 4 years ago

[e10s][meta]Move file access and API usage away from content process

Categories

(Core :: Security: Process Sandboxing, defect)

defect
Not set

Tracking

()

RESOLVED INVALID

People

(Reporter: areinald.bug, Unassigned)

References

(Depends on 1 open bug)

Details

(Keywords: meta)

Sandboxing the content process has revealed that it uses too many files and APIs. This meta-bug aims to track the specific work to be done on e10s to move those away from the content process.
Bug 1121295 is tracking a number of bugs along these lines that were found on B2G.  Some of them might be relevant to other platforms as well.

Bug 918680 is a tracker that also refers to using IPC rather than direct system resource access, but it was filed when the state of sandboxing was not what it is today, so I'm not sure what its relationship to this bug should be.
Depends on: 1121295
See Also: → fix-ipc-sandbox
Bug 1105816 is tracking bugs that are blocking us from strengthening the Windows content sandbox.

Generally these are the first thing to break when using stronger settings.
Once these are fixed we may find other things that break.

Also, generally they are blocking strengthening the sandbox at all.
There will almost certainly be other things we need to do to get to a strong policy.
See Also: → 1105816
See Also: → 1083344
Depends on: 1136836
Component: Security → Security: Process Sandboxing
Keywords: meta
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.