Open Bug 1593389 Opened 5 years ago Updated 10 months ago

[meta] Use different executables for different child process types

Tracking

()

Status:

NEW

People

(Reporter: haik, Unassigned)

References

Details

(Keywords: meta)

Haik Aftandilian [:haik]

Reporter

Description

•

5 years ago

•

Edited

Using different executables instead of the same plugin-container binary would allow us to use different entitlements for web content and plugin processes. Web/file content processes should not have to load any libraries not signed by Apple or Mozilla (unlike Widevine or Flash plugin processes) so this would allow us to use the more strict entitlement that prevents loading of libraries not signed by Apple or the same team ID as the application. See also bug 1529390.

Haik Aftandilian [:haik]

Reporter

Updated

•

5 years ago

Priority: -- → P2

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

Haik Aftandilian [:haik]

Reporter

Updated

•

1 year ago

Assignee: nobody → haftandilian

Priority: P2 → P1

Haik Aftandilian [:haik]

Reporter

Updated

•

1 year ago

Assignee: haftandilian → nobody

Keywords: meta

Summary: [macOS] Use different executables for different child process types → [meta] Use different executables for different child process types

Haik Aftandilian [:haik]

Reporter

Updated

•

1 year ago

Depends on: 1827747

Haik Aftandilian [:haik]

Reporter

Updated

•

1 year ago

Depends on: 1593072

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

[meta] Use different executables for different child process types

Categories

(Core :: Security: Process Sandboxing, enhancement, P1)

Tracking

()

People

(Reporter: haik, Unassigned)

References

Details

(Keywords: meta)

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated

Updated

Updated