[mac] remove mach-lookup permissions for com.apple.ocspd

RESOLVED FIXED in Firefox 56

Status

()

enhancement
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: Alex_Gaynor, Assigned: Alex_Gaynor)

Tracking

Trunk
mozilla56
Unspecified
macOS
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox56 fixed)

Details

Attachments

(1 attachment)

We don't use the system trust APIs for anything, so this is purely extra attack surface.
Assignee: nobody → agaynor
Comment on attachment 8889519 [details]
Bug 1383818 - Disallow content processes for using the com.apple.ocspd mach service;

https://reviewboard.mozilla.org/r/160544/#review165822

r+ Does this generate any sandbox violations logged to Console.app? If so, could you document that on the bug?
Attachment #8889519 - Flags: review?(haftandilian) → review+
Nope, no logging -- genuinely unused across the board :-)
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/6fc6a92ad62e
Disallow content processes for using the com.apple.ocspd mach service; r=haik
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/6fc6a92ad62e
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
You need to log in before you can comment on or make changes to this bug.