Closed Bug 1149706 Opened 9 years ago Closed 8 years ago

[Meta] Remaining issues for content process sandboxing on the Mac

Categories

(Core :: Security: Process Sandboxing, defect)

Product:
Core
Component:
Security: Process Sandboxing
Platform:
All
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: smichaud, Assigned: smichaud)

References

Details

(Keywords: meta) 

Bug 1083344 made a start on Mac content process sandboxing.  But a number of issues remain unresolved, and will need to be dealt with over the next few months.  These include at least the following:

A) A number of tasks remain that need to be proxied from the content process to the main process, but haven't yet been.  Here's a rough list (originally from bug 1083344 comment #153:

1) The native filepicker dialog.

This mostly already is (when the dialog is triggered from the menu).  But it isn't (yet) when triggered by <input type=file>.  See bug 910384 and bug 1101100.

2) The native print dialog.

By sheer chance the native page setup dialog is already launched from the main process.

3) Several other kinds of file access (bug 1124817).

4) Loading chrome URLs (bug 1136836).

5) Camera and microphone access (bug 1104615).

6) Loading GMP plugins (bug 1057908).

B) Once all the proxying is finished we'll need to go through the sandbox ruleset at bug 1083344 and see what rules can be eliminated (hopefully most of them).

C) For at least some of the sandboxing rules that remain (which we still need for sandboxing the content process on the Mac), it won't be obvious *why* we need them.  For these we'll need to find out why, as best we can.  This will require serious reverse engineering of OS X.
See Also: → 1083344
Assignee: nobody → smichaud
I should make it clear that I'm not going to be working on any of the tasks listed in comment #0 that are cross-platform (that are needed on all platforms, and which primarily require changes to cross-platform code).  I simply don't have the time.

What I'll be working on are the Mac-specific tasks -- for example proxying the native print dialog to the chrome process.  And I'll be working on them with someone I'll be training up in my Mac reverse engineering skills, so that I can retire sometime later this year.
(Following up comment #0)

7) Loading file:// URLs (bug 922481)
(Following up comment #0)

8) Loading files from "about:..." pages, particularly the "about:sync-log" page.

See bug 1175881.
> 2) The native print dialog.

This has been done by Mike Conley at bug 1091112.  Thanks, Mike!
Depends on: 1221148
Keywords: meta
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.