[mac] remove mach-lookup permissions for com.apple.ocspd

RESOLVED FIXED in Firefox 56

Status

()

enhancement
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: Alex_Gaynor, Assigned: Alex_Gaynor)

Tracking

Trunk
mozilla56
Unspecified
macOS
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox56 fixed)

Details

Attachments

(1 attachment)

Assignee

Description

2 years ago
We don't use the system trust APIs for anything, so this is purely extra attack surface.
Assignee

Updated

2 years ago
Assignee: nobody → agaynor
Comment hidden (mozreview-request)

Comment 3

2 years ago
mozreview-review
Comment on attachment 8889519 [details]
Bug 1383818 - Disallow content processes for using the com.apple.ocspd mach service;

https://reviewboard.mozilla.org/r/160544/#review165822

r+ Does this generate any sandbox violations logged to Console.app? If so, could you document that on the bug?
Attachment #8889519 - Flags: review?(haftandilian) → review+
Assignee

Comment 4

2 years ago
Nope, no logging -- genuinely unused across the board :-)
Assignee

Updated

2 years ago
Keywords: checkin-needed

Comment 5

2 years ago
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/6fc6a92ad62e
Disallow content processes for using the com.apple.ocspd mach service; r=haik
Keywords: checkin-needed

Comment 6

2 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/6fc6a92ad62e
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
You need to log in before you can comment on or make changes to this bug.