Open Bug 1274952 Opened 8 years ago Updated 3 years ago

Move process sandboxing defines into browser/

Categories

(Core :: Security: Process Sandboxing, enhancement, P5)

Tracking Status
firefox49 --- affected

People

(Reporter: bobowen, Assigned: glandium)

Details

(Whiteboard: sb+)

Thunderbird contributors have asked if the process sandboxing defines for MOZ_SANDBOX and MOZ_CONTENT_SANDBOX should be moved from old-configure.in to browser/.
glandium - this seems to make sense, what's your opinion on it?

If we should do this, which file do we actually put them in?
Flags: needinfo?(mh+mozilla)

(In reply to Bob Owen (:bobowen) from comment #0)
> Thunderbird contributors have asked if the process sandboxing defines for
> MOZ_SANDBOX and MOZ_CONTENT_SANDBOX should be moved from old-configure.in to
> browser/

b2g/ also uses them.  Lately B2G seems to be in the “will be broken without warning” platform tier (and it's not available on Try anymore, even as an opt-in, so avoiding breaking it is nontrivial), but this deserves at least a heads-up so it doesn't have security features silently disabled.

I think we should consider sandboxing part of the platform, but this brings an interesting concern, which is that some of the changes that are in flux rely on changes to browser/app/nsBrowserApp.cpp, which is definitely not part of the platform. I've long thought that we should have most of nsBrowserApp.cpp be part of some glue (xpcomglue or mozglue, presumably), because the duplication (or lack thereof) between $app/app/ns*App.cpp is painful, error-prone, and sometimes dangerous. Maybe it's time to really do something about it.
Flags: needinfo?(mh+mozilla)
Whiteboard: sb+
Assignee: nobody → mh+mozilla
Severity: normal → S4
Type: defect → enhancement
Priority: -- → P5