[mac] blacklist read access to /Volumes at level 3

RESOLVED FIXED in Firefox 55

Status

()

RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: Alex_Gaynor, Assigned: Alex_Gaynor)

Tracking

Trunk
mozilla55
All
macOS
Points:
---

Firefox Tracking Flags

(firefox55 fixed)

Details

(Whiteboard: sbmc2)

Attachments

(1 attachment)

(Assignee)

Description

2 years ago
I don't think this can be used to access `/Users` or anything, since `/Volumes/Macintosh HD` is a symlink to `/`, but it could be used to access anything on an external HDD or USB drive.
(Assignee)

Updated

2 years ago
Whiteboard: sbmc2
Comment hidden (mozreview-request)

Comment 2

2 years ago
mozreview-review
Comment on attachment 8867339 [details]
Bug 1363179 - do not allow content processes to read from /Volumes on macOS

https://reviewboard.mozilla.org/r/138860/#review142206
Attachment #8867339 - Flags: review?(haftandilian) → review+
(Assignee)

Updated

2 years ago
Keywords: checkin-needed
(Assignee)

Updated

2 years ago
Assignee: nobody → agaynor

Comment 3

2 years ago
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/02f1025c91f8
do not allow content processes to read from /Volumes on macOS r=haik
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/02f1025c91f8
Status: NEW → RESOLVED
Last Resolved: 2 years ago
status-firefox55: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
See Also: → bug 1367560
You need to log in before you can comment on or make changes to this bug.