Closed Bug 1797769 Opened 2 years ago Closed 6 months ago

Add LPAC access to the application directory for MSIX installs

Categories

(Core :: Security: Process Sandboxing, enhancement, P1)

All
Windows
enhancement

RESOLVED FIXED
121 Branch
Tracking Status
firefox121 --- fixed

People

(Reporter: bobowen, Assigned: bobowen)

Attachments

(1 file)

Processes running inside a Low Privileged Application Container (LPAC) will require access to our application files, in particular the binary files.

To achieve this we need to grant a specially derived (using DeriveCapabilitySidsFromName) SID read and execute access.

This bug is to investigate the situation with MSIX installs and add permissions if required/possible.
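An added illustration of the "specially derived SID" mentioned above (not Mozilla's code and not part of this bug): it computes a capability SID from a name and checks whether a directory's SDDL grants that SID read and execute. It assumes the publicly described derivation behind DeriveCapabilitySidsFromName (SHA-256 of the upper-cased UTF-16LE name); the capability name `exampleAppFiles` and both SDDL strings are constructed.

```python
import hashlib
import re
import struct

# FILE_GENERIC_READ | FILE_GENERIC_EXECUTE (values from the Windows SDK).
READ_EXECUTE = 0x120089 | 0x1200A0

def derive_capability_sid(name: str) -> str:
    """String SID for a named capability.

    Assumption: SHA-256 of the upper-cased name in UTF-16LE, read as eight
    little-endian DWORDs and appended to S-1-15-3-1024.
    """
    digest = hashlib.sha256(name.upper().encode("utf-16-le")).digest()
    return "S-1-15-3-1024-" + "-".join(map(str, struct.unpack("<8I", digest)))

# type;flags;rights;object_guid;inherit_object_guid;trustee
ACE_RE = re.compile(r"\(([^;()]*);([^;()]*);([^;()]*);[^;()]*;[^;()]*;([^;()]*)\)")

def grants_read_execute(sddl: str, sid: str) -> bool:
    """True if one allow ACE for `sid` applies to the object and carries
    read+execute. Only numeric masks are parsed; deny ACEs are not evaluated."""
    for ace_type, flags, rights, trustee in ACE_RE.findall(sddl):
        flag_set = {flags[i:i + 2] for i in range(0, len(flags), 2)}
        if ace_type != "A" or trustee != sid or "IO" in flag_set:
            continue  # not an allow ACE for this SID, or inherit-only
        if not rights.lower().startswith("0x"):
            continue  # mnemonic rights such as FA/GR are out of scope here
        if (int(rights, 16) & READ_EXECUTE) == READ_EXECUTE:
            return True
    return False

# Constructed inputs: the capability name and both descriptors are made up.
CAP_SID = derive_capability_sid("exampleAppFiles")
GOOD_SDDL = f"D:(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;{CAP_SID})"
READ_ONLY_SDDL = f"D:(A;OICI;FA;;;BA)(A;OICI;0x120089;;;{CAP_SID})"

if __name__ == "__main__":
    print(CAP_SID)
    print("read+execute:", grants_read_execute(GOOD_SDDL, CAP_SID))
    print("read only   :", grants_read_execute(READ_ONLY_SDDL, CAP_SID))
```
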

Severity: -- → S3
Priority: -- → P1
No longer blocks: 1793972

Adding access to the package dir seems difficult, certainly after installation.
We can however give the LPAC a capability which allows access to the package contents using existing access.

This gives the LPAC access to our binary files to launch the child process.

Pushed by bobowencode@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/2ea016e7ccac
For MSIX installs add the packageContents capability. r=handyman
Status: ASSIGNED → RESOLVED
Closed: 6 months ago
Resolution: --- → FIXED
Target Milestone: --- → 121 Branch