Open
Bug 1593389
Opened 5 years ago
Updated 10 months ago
[meta] Use different executables for different child process types
Categories
(Core :: Security: Process Sandboxing, enhancement, P1)
Tracking
()
NEW
People
(Reporter: haik, Unassigned)
References
Details
(Keywords: meta)
Using different executables instead of the same plugin-container binary would allow us to use different entitlements for web content and plugin processes. Web/file content processes should not have to load any libraries not signed by Apple or Mozilla (unlike Widevine or Flash plugin processes) so this would allow us to use the more strict entitlement that prevents loading of libraries not signed by Apple or the same team ID as the application. See also bug 1529390.
Reporter | ||
Updated•5 years ago
|
Priority: -- → P2
Updated•2 years ago
|
Severity: normal → S3
Reporter | ||
Updated•1 year ago
|
Assignee: nobody → haftandilian
Priority: P2 → P1
Reporter | ||
Updated•1 year ago
|
Assignee: haftandilian → nobody
Keywords: meta
Summary: [macOS] Use different executables for different child process types → [meta] Use different executables for different child process types
You need to log in
before you can comment on or make changes to this bug.
Description
•