Closed
Bug 1358652
Opened 8 years ago
Closed 7 years ago
xpcshell e10s tests aren't sandboxed
Categories
(Core :: Security: Process Sandboxing, defect, P3)
Core
Security: Process Sandboxing
Tracking
()
RESOLVED
DUPLICATE
of bug 1257098
| Tracking | Status | |
|---|---|---|
| firefox55 | --- | affected |
People
(Reporter: jld, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: sb+)
When xpcshell tests create content processes, the security.sandbox.content.level pref reads as 0, because it's set in browser/app/profile/firefox.js, which xpcshell doesn't use. Usually this means the content processes aren't sandboxed.
I think it would make more sense for xpcshell to do the same thing as the browser, here. I'm not as sure about changing it across the board, because I don't know how much other embeddings do things that would affect the content process's interaction with the sandbox (e.g., if they load frame scripts that do unexpected things).
This may cause regressions. For example, once I land bug 1358647, there's at least one xpcshell test that will break on Linux when it tries to load httpd.js in a content process and XHR it (in fact, if there's any platform where it *doesn't* break, then that's a deficiency in the sandbox and bugs should be filed).
|
||
Updated•8 years ago
|
Whiteboard: sblc5, sbwc3, sbmc3
|
||
Comment 1•7 years ago
|
||
Sandboxing is now explicitly disabled in bug 1370438.
|
|
||
Updated•7 years ago
|
|
|
||
Comment 2•7 years ago
|
||
This appears to be the same as bug 1257098.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•