Sandbox the socket process
Categories
(Core :: Security: Process Sandboxing, enhancement, P2)
Tracking
| | Tracking | Status |
|---|---|---|
| firefox67 | --- | affected |
People
(Reporter: Alex_Gaynor, Unassigned)
References
(Blocks 2 open bugs)
Details
Filing an initial bug to track that we'll want to sandbox the socket process for macOS, Linux, and Windows (will eventually split those into separate bugs).
My understanding is that most of the things in the sandbox process will be moved from the parent process -- so we don't need a sandbox before we ship those (though of course it'd be a nice security win if we did).
However, I believe some of the things are being moved out of the sandboxed content process, is that right? For these we really should have a sandbox before they ship, else we're regressing.
Is all of that right? Assuming it is, where in the roadmap is moving things out of the content process? And is the socket process ready for our team to look into helping out with sandboxing it?
Comment 1•5 years ago
Further hardening work in Bug 1539909.