Closed Bug 1383818 Opened 7 years ago Closed 7 years ago

[mac] remove mach-lookup permissions for com.apple.ocspd

Categories

(Core :: Security: Process Sandboxing, enhancement)

Product:
Core
Component:
Security: Process Sandboxing
Platform:
Unspecified
macOS
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla56
Tracking Flags:
Tracking Status
firefox56 --- fixed

People

(Reporter: Alex_Gaynor, Assigned: Alex_Gaynor)

References

Details

Attachments

(1 file)

Bug 1383818 - Disallow content processes for using the com.apple.ocspd mach service;
59 bytes, text/x-review-board-request
haik
: review+
Details
We don't use the system trust APIs for anything, so this is purely extra attack surface.
Assignee: nobody → agaynor
Comment on attachment 8889519 [details] Bug 1383818 - Disallow content processes for using the com.apple.ocspd mach service; https://reviewboard.mozilla.org/r/160544/#review165822 r+ Does this generate any sandbox violations logged to Console.app? If so, could you document that on the bug?
Attachment #8889519 - Flags: review?(haftandilian) → review+
Nope, no logging -- genuinely unused across the board :-)
Keywords: checkin-needed
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/autoland/rev/6fc6a92ad62e Disallow content processes for using the com.apple.ocspd mach service; r=haik
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/6fc6a92ad62e
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox56: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: