Closed
Bug 1386300
Opened 7 years ago
Closed 7 years ago
[meta] [Mac] Remove iokit permissions from the content sandbox
Categories
(Core :: Security: Process Sandboxing, enhancement)
Tracking
()
RESOLVED
FIXED
People
(Reporter: haik, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: meta)
On OS X, the IOKit framework is used to allow user code to interface with device drivers. Device drivers are a kernel attack vector. We have some rules in our content sandbox allowing instances of this and we should those rules where possible.
Reporter | ||
Updated•7 years ago
|
Reporter | ||
Updated•7 years ago
|
Comment 1•7 years ago
|
||
Going to declare this work completed - we still have two categories of iokit-opens left in content, which have dedicated bugs:
- graphics - bug 1405092
- audio - bug 1405091
We removed all the other iokit rules we could, and these two categories can be tracked there.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•