Open Bug 1670242 (site-isolation-principal-vetting) Opened 5 years ago Updated 2 days ago

[meta] Harden Site-Isolation by introducing IPC based Principal vetting

Categories

(Core :: DOM: Security, task, P3)

ASSIGNED

People

(Reporter: ckerschb, Assigned: ckerschb)

References

(Depends on 16 open bugs, Blocks 1 open bug)

Details

(Keywords: meta, Whiteboard: [domsecurity-meta])

When we load a document in Fission, we load a URL into a specific content process. Within this project we wanna make sure that a URL assigned to a specific content process can only send Principals up to the parent process that match the URL of that content process.

While that obviously does not work in all the cases, because e.g. we create Principals for images loaded into a document which might be cross origin, the TriggeringPrincipal should always match the URL of the content process.

We will need a multitude of sub bugs for this project to realize, because there are a multitude of different load scenarios, so let's keep this bug as a meta bug.
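
The check described above, sketched as an added example that is not Firefox code and not part of the original bug: a parent-side function that accepts a load message only when its triggering principal matches the origin the sending content process was assigned. All type and function names are hypothetical, and comparing bare origin strings is a simplifying assumption of this model.

```cpp
#include <algorithm>
#include <cctype>
#include <string>

// Hypothetical model, not Firefox code: a principal is reduced to an origin
// string, and each content process is locked to one origin when it is created.
struct ContentProcess { int pid; std::string lockedOrigin; };
struct LoadMessage {                // constructed stand-in for an IPC load request
  std::string triggeringPrincipal;  // who initiated the load (must match process)
  std::string resourcePrincipal;    // what is loaded, e.g. an image (may differ)
};

// Canonicalise "scheme://host[:port]" so the comparison is not fooled by case
// or an explicit default port. Returns "" for anything that is not a bare origin.
std::string CanonicalOrigin(std::string s) {
  std::transform(s.begin(), s.end(), s.begin(), [](unsigned char c) {
    return static_cast<char>(std::tolower(c));
  });
  const auto sep = s.find("://");
  if (sep == std::string::npos || sep == 0) return "";
  const std::string scheme = s.substr(0, sep);
  std::string rest = s.substr(sep + 3);
  if (rest.empty() || rest.find_first_of("/@?#") != std::string::npos)
    return "";  // path, userinfo, query or fragment: not an origin
  auto strip = [&](const std::string& sch, const std::string& port) {
    if (scheme == sch && rest.size() > port.size() &&
        rest.compare(rest.size() - port.size(), port.size(), port) == 0)
      rest.erase(rest.size() - port.size());
  };
  strip("https", ":443");
  strip("http", ":80");
  return scheme + "://" + rest;
}

// Parent-side check, run before acting on a message: the parent compares the
// claim against its own record of the process, never against child-sent data.
bool VetTriggeringPrincipal(const ContentProcess& proc, const LoadMessage& msg) {
  const std::string claimed = CanonicalOrigin(msg.triggeringPrincipal);
  const std::string locked = CanonicalOrigin(proc.lockedOrigin);
  // resourcePrincipal is deliberately not compared: cross-origin images are fine.
  return !claimed.empty() && claimed == locked;
}

int main() {
  ContentProcess proc{7, "https://example.com"};  // constructed sample values
  LoadMessage ok{"HTTPS://Example.com:443", "https://cdn.example.net"};
  LoadMessage bad{"https://other.example", "https://example.com"};
  return VetTriggeringPrincipal(proc, ok) && !VetTriggeringPrincipal(proc, bad) ? 0 : 1;
}
```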

Depends on: 1670244
Severity: -- → N/A
Priority: -- → P3
Depends on: 1671166
Depends on: 1672648
Depends on: fission-ipc-map
Depends on: 1678310
Alias: site-isolation-principal-vetting
Depends on: 1690844
Depends on: 1696391
Depends on: 1699389
Depends on: 1700639
Blocks: 1639200
No longer blocks: 1639200
Depends on: 1639200
Depends on: 1701670
Depends on: 1703323
Depends on: 1706407
Depends on: 1758161
Depends on: 1873517
Depends on: 1873518
Depends on: 1873519
Depends on: 1873522
Depends on: 2020534
Depends on: 2020805
Depends on: 2022260
Depends on: 2021969
Depends on: 2014254
Depends on: 2010310
Depends on: 2022394
Depends on: 2022681
No longer depends on: 2020534
Depends on: 2025176
Depends on: 1495835
Depends on: 1494459
Depends on: 1494457
Depends on: 1494447
Depends on: 1501072