Closed Bug 1379182 Opened 4 years ago Closed 4 years ago
restrict file-write* sandbox rules to more specific permissions
Bug 1379182 - Remove some unnecessary file-write permissions types from the content process on macOS;
We currently use |file-write*| rules in two places in our sandbox policies. |file-write*| encompasses more permissions than we really need. Specifically, based on |strings /usr/lib/libsandbox.dylib | grep file-write| it appears to contain the following:

file-write-acl
file-write-create
file-write-data
file-write-flags
file-write-mode
file-write-owner
file-write-setugid
file-write-times
file-write-unlink
file-write-xattr
(define file-unlink file-write-unlink)
(define file-write-mount file-mount)
(define file-write-unmount file-unmount)
(define file-write-umount file-unmount)

I'm pretty sure that for both of these call sites we only actually need |file-write-create| and |file-write-data|. I don't think there's any particular security concern with these extra rules (and indeed some of these are probably useless without root), so the narrower rule is primarily about reducing the kernel surface exposed.
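As an added example, not code from this bug or from Mozilla's sandbox policies, the following Python lint reads a small SBPL (macOS sandbox profile language) snippet, reports every `(allow ...)` rule that uses the `file-write*` wildcard, and rewrites it to the explicit `file-write-create`/`file-write-data` pair, listing which operations the narrowed rule no longer grants. The wildcard expansion table is taken from the `strings` output quoted in the comment above and is an assumption: libsandbox's operation table is undocumented and can differ between macOS releases. The sample profile, its paths, and the `parse`/`narrow`/`broad_rules` helpers are constructed for this example.

```python
"""Added example: lint an SBPL (macOS sandbox profile language) snippet for the
file-write* wildcard and rewrite it to an explicit, narrower operation set.
Not Mozilla's code; the profile text and paths below are constructed."""
import re

# What the file-write* wildcard expands to, per the
# `strings /usr/lib/libsandbox.dylib | grep file-write` output quoted in the bug.
# Assumption: libsandbox's table is undocumented and may differ between macOS releases.
FILE_WRITE_STAR = (
    "file-write-acl", "file-write-create", "file-write-data", "file-write-flags",
    "file-write-mode", "file-write-owner", "file-write-setugid", "file-write-times",
    "file-write-unlink", "file-write-xattr",
)

# Constructed sample profile; the two file-write* rules stand in for the two call
# sites the comment mentions.  Paths are hypothetical.
SAMPLE_PROFILE = """
(version 1)
(deny default)
; broad: grants acl/mode/owner/xattr/unlink/... changes as well as create+data
(allow file-read* file-write* (subpath "/private/tmp/example-profile"))
(allow file-write* (literal "/private/var/example/print-to-file.pdf"))
(allow file-read-data (subpath "/System/Library"))
"""

# Tokens: whitespace, ; comments, "strings", parens, and bare symbols such as file-write*.
_TOKEN = re.compile(r'\s+|;[^\n]*|"(?:[^"\\]|\\.)*"|[()]|[^\s()";]+')


def parse(text):
    """Minimal s-expression reader: returns the top-level forms as nested lists of strings."""
    stack = [[]]
    for m in _TOKEN.finditer(text):
        tok = m.group(0)
        if not tok.strip() or tok.startswith(";"):
            continue  # drop whitespace and comments
        if tok == "(":
            stack.append([])
        elif tok == ")":
            if len(stack) == 1:
                raise ValueError("unbalanced ')'")
            done = stack.pop()
            stack[-1].append(done)
        else:
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0]


def unparse(form):
    """Inverse of parse for one form (comments and original whitespace are not kept)."""
    if isinstance(form, list):
        return "(" + " ".join(unparse(f) for f in form) + ")"
    return form


def broad_rules(text):
    """Return (operations, filters) for every (allow ...) form that uses file-write*."""
    hits = []
    for form in parse(text):
        if isinstance(form, list) and form[:1] == ["allow"]:
            ops = [f for f in form[1:] if isinstance(f, str)]
            filters = [f for f in form[1:] if isinstance(f, list)]
            if "file-write*" in ops:
                hits.append((ops, filters))
    return hits


def narrow(text, keep=("file-write-create", "file-write-data")):
    """Replace file-write* in allow rules with the operations in `keep`.

    Returns (rewritten_profile, dropped_operations): dropped_operations is what
    the wildcard granted that the narrowed rule no longer does.
    """
    out, dropped = [], set()
    for form in parse(text):
        if isinstance(form, list) and form[:1] == ["allow"] and "file-write*" in form:
            rewritten = []
            for f in form:
                rewritten.extend(keep if f == "file-write*" else [f])
            dropped.update(set(FILE_WRITE_STAR) - set(keep))
            form = rewritten
        out.append(unparse(form))
    return "\n".join(out), sorted(dropped)


if __name__ == "__main__":
    for ops, filters in broad_rules(SAMPLE_PROFILE):
        print("broad rule:", ops, [unparse(f) for f in filters])
    profile, dropped = narrow(SAMPLE_PROFILE)
    print(profile)
    print("no longer granted:", ", ".join(dropped))
```

The rewrite keeps every other operation and filter in the rule intact (so `file-read*` survives alongside the narrowed write operations) and drops comments, so treat its output as a review aid rather than a drop-in replacement for the policy file. The `(define ...)` aliases in the quoted `strings` output are deliberately not in the expansion table, since the comment does not say whether `file-write*` covers them.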
Comment on attachment 8884829
Bug 1379182 - Remove some unnecessary file-write permissions types from the content process on macOS;
https://reviewboard.mozilla.org/r/155720/#review160782

Looks good. Please sanity check printing and print-to-file for this one too.
Attachment #8884829 - Flags: review?(haftandilian) → review+
Pushed by email@example.com: https://hg.mozilla.org/integration/autoland/rev/1ba3f4c9ef45 Remove some unnecessary file-write permissions types from the content process on macOS; r=haik