Open
Bug 1274952
Opened 8 years ago
Updated 3 years ago
Move process sandboxing defines into browser/
Categories
(Core :: Security: Process Sandboxing, enhancement, P5)
Core
Security: Process Sandboxing
Tracking
()
NEW
Tracking | Status | |
---|---|---|
firefox49 | --- | affected |
People
(Reporter: bobowen, Assigned: glandium)
Details
(Whiteboard: sb+)
Thunderbird contributors have asked if the process sandboxing defines for MOZ_SANDBOX and MOZ_CONTENT_SANDBOX should be moved from old-configure.in to browser/
Reporter | ||
Comment 1•8 years ago
|
||
glandium - this seems to make sense, what's your opinion on it? If we should do this, which file do we actually put them in?
Flags: needinfo?(mh+mozilla)
Comment 2•8 years ago
|
||
(In reply to Bob Owen (:bobowen) from comment #0) > Thunderbird contributors have asked if the process sandboxing defines for > MOZ_SANDBOX and MOZ_CONTENT_SANDBOX should be moved from old-configure.in to > browser/ b2g/ also uses them. Lately B2G seems to be in the “will be broken without warning” platform tier (and it's not available on Try anymore, even as an opt-in, so avoiding breaking it is nontrivial), but this deserves at least a heads-up so it doesn't have security features silently disabled.
Assignee | ||
Comment 3•8 years ago
|
||
I think we should consider sandboxing part of the platform, but this brings an interesting concern, which is that some of the changes that are in flux rely on changes to browser/app/nsBrowserApp.cpp, which is definitely not part of the platform. I've long thought that we should have most of nsBrowserApp.cpp be part of some glue (xpcomglue or mozglue, presumably), because the duplication (or lack thereof) between $app/app/ns*App.cpp is painful, error-prone, and sometimes dangerous. Maybe it's time do really do something about it.
Flags: needinfo?(mh+mozilla)
Updated•8 years ago
|
Whiteboard: sb+
Updated•3 years ago
|
Assignee: nobody → mh+mozilla
Severity: normal → S4
Type: defect → enhancement
Priority: -- → P5
You need to log in
before you can comment on or make changes to this bug.
Description
•