Review Shumway's sandboxes

RESOLVED INCOMPLETE

Status

RESOLVED INCOMPLETE
4 years ago
3 years ago

People

(Reporter: till, Assigned: yury)

Tracking

Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

4 years ago
Shumway has three different layers of sandboxing:

- An outermost sandbox that prevents content from getting direct access to chrome-privileged code.
- An inner one around the content script-executing part of Shumway that prevents content from directly accessing the Shumway instance's iframe.
- An implementation of Flash's SecurityDomains for controlling access between SWFs from different domains loaded into the same player instance.

These sandboxes are in very different shapes: the outermost is ready for review right now, the inner one needs some work on our part (mostly bug 1137942, but also some cleanup of how the communication works) to ease verification but largely works, while the SecurityDomains implementation isn't finished at all.

I'll file blocking bugs for verifying the three different sandboxes next.

We should probably do a kick-off meeting to go over the general strokes as a first step.
(Reporter)

Updated

4 years ago
Depends on: 1137947
(Reporter)

Updated

4 years ago
Depends on: 1137950
(Reporter)

Updated

4 years ago
Depends on: 1137953
(Reporter)

Updated

4 years ago
Depends on: 1138055
(Reporter)

Comment 1

4 years ago
As long as the outer sandbox is verified and we only load stuff from domains that crossdomain.xml allows, this doesn't block enabling on Nightly.
Blocks: 1037580
No longer blocks: 1037568
Yury needs to confirm he has addressed bholley's initial review feedback (before asking bholley for a final review).
Assignee: nobody → ydelendik
Product: Firefox → Firefox Graveyard
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.