Open
Bug 1257098
Opened 8 years ago
Updated 2 years ago
No sandboxing support in xpcshell
Categories
(Core :: Security: Process Sandboxing, defect, P2)
Tracking
()
NEW
Tracking | Status | |
---|---|---|
firefox48 | --- | affected |
People
(Reporter: bugzilla, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: sb+)
Working on bug 1256541, I see a few problems that I think are going to hurt testability of sandboxing in the long run, especially as sandboxing affects more and more code: 1) xpcshell tests involving content processes do not run with sandboxing enabled. There are no prefs set for it and startup/teardown code is not present; 2) The new NS_APP_CONTENT_PROCESS_TEMP_DIR is not available outside Firefox. During review, bsmedberg was somewhat uncomfortable with the fact that we initialize that directory in a different place from where we retrieve it. I propose that we create a new directory provider specifically for sandboxing to handle this stuff. While we're at it, we should remove the directory creation and deletion I/O operations from the main thread.
Updated•8 years ago
|
Whiteboard: [sb?] → sb+
Updated•8 years ago
|
Flags: needinfo?(aklotz)
Reporter | ||
Comment 1•8 years ago
|
||
We run a lot of tests in child processes from xpcshell. In addition to the two crashreporter tests, I see 68 occurrences of a JS file being run in a content process from xpcshell, across several distinct components. https://dxr.mozilla.org/mozilla-central/search?tree=mozilla-central&q=run_test_in_child&redirect=true
Flags: needinfo?(aklotz)
Updated•7 years ago
|
OS: Unspecified → All
Priority: -- → P2
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•