Closed Bug 1383818 Opened 3 years ago Closed 3 years ago

[mac] remove mach-lookup permissions for com.apple.ocspd

Categories

(Core :: Security: Process Sandboxing, enhancement)

Unspecified
macOS
enhancement
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla56
Tracking Status
firefox56 --- fixed

People

(Reporter: Alex_Gaynor, Assigned: Alex_Gaynor)

References

Details

Attachments

(1 file)

We don't use the system trust APIs for anything, so this is purely extra attack surface.
Assignee: nobody → agaynor
Comment on attachment 8889519 [details]
Bug 1383818 - Disallow content processes for using the com.apple.ocspd mach service;

https://reviewboard.mozilla.org/r/160544/#review165822

r+ Does this generate any sandbox violations logged to Console.app? If so, could you document that on the bug?
Attachment #8889519 - Flags: review?(haftandilian) → review+
Nope, no logging -- genuinely unused across the board :-)
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/6fc6a92ad62e
Disallow content processes for using the com.apple.ocspd mach service; r=haik
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/6fc6a92ad62e
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
You need to log in before you can comment on or make changes to this bug.