Closed
Bug 1156835
Opened 9 years ago
Closed 4 years ago
Investigate if the fix for bug 1087565 still has problems because of the use of the command line to pass the secret.
Categories
(Core :: IPC, defect, P3)
Tracking
()
People
(Reporter: bobowen, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: sec-audit, Whiteboard: sb+)
The fix for bug 1087565 is based on the Chrome patch for the same problem. In bug 1087565 comment 8, a question was raised over whether the way the shared secret is passed to the other process is secure enough. This bug is to investigate that and fix it, if it is deemed to be problem.
Reporter | ||
Comment 1•9 years ago
|
||
I wasn't sure what sec-* rating this should have as we're not sure if this is even a problem.
Flags: needinfo?(dveditz)
Updated•9 years ago
|
Group: core-security
Updated•8 years ago
|
status-firefox40:
affected → ---
Reporter | ||
Updated•8 years ago
|
Whiteboard: sb?
Updated•7 years ago
|
Whiteboard: sb? → sb+
Updated•7 years ago
|
Priority: -- → P2
Comment 2•6 years ago
|
||
Moving to p3 because no activity for at least 1 year(s). See https://github.com/mozilla/bug-handling/blob/master/policy/triage-bugzilla.md#how-do-you-triage for more information
Priority: P2 → P3
Updated•6 years ago
|
Blocks: fission-site-sandbox
Reporter | ||
Comment 3•4 years ago
|
||
Now that bug 1557282 made it so that sandboxed processes cannot open each other, I think we can safely close this bug.
It seems reasonable to assume that not having permissions to open a process would block any ability to read its command line information.
Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox77:
--- → fixed
status-firefox78:
--- → fixed
status-firefox79:
--- → fixed
status-firefox-esr68:
--- → fixed
status-firefox-esr78:
--- → fixed
Depends on: 1557282
Resolution: --- → FIXED
Updated•4 years ago
|
Group: dom-core-security → core-security-release
Updated•4 years ago
|
status-firefox-esr78:
fixed → ---
tracking-firefox-esr68:
--- → 76+
Updated•3 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•