Open Bug 1531892 Opened 1 year ago Updated 11 days ago

Sandbox the socket process

Categories

(Core :: Security: Process Sandboxing, enhancement, P2)

enhancement

Tracking

()

Tracking Status
firefox67 --- affected

People

(Reporter: Alex_Gaynor, Unassigned)

References

(Blocks 2 open bugs)

Details

Filing an initial bug to track that we'll want to sandbox the socket process for macOS, Linux, and Windows (will eventually split those into separate bugs).

My understanding is that most of the things in the sandbox process will be moved from the parent process -- so we don't need a sandbox before we ship those (though of course it'd be a nice security win if we did).

However, I believe some of the things are being moved out of the sandboxed content process, is that right? For these we really should have a sandbox before they ship, else we're regressing.

Is all of that right? Assuming it is, where in the roadmap is moving things out of the content process? And is the socket process ready for our team to look into helping out with sandboxing it?

Depends on: 1611290
You need to log in before you can comment on or make changes to this bug.