Open Bug 1854722 Opened 2 years ago Updated 2 years ago

Use a new executable for the macOS Utility process

Categories

(Core :: Security: Process Sandboxing, enhancement, P2)

Desktop
macOS
enhancement

People

(Reporter: haik, Assigned: haik)

Details

Today, on macOS, Firefox utility processes run out of the plugin-container executable. With the fix for bug 1593072, we have the infrastructure support for using per-executable entitlement lists during codesigning. For utility processes, we could harden the execution environment by adding a new executable which includes the page protection entitlement. plugin-container disables the page protection entitlement (com.apple.security.cs.disable-executable-page-protection) to allow for JIT execution.

This effort should be very similar to the work done on bug 1827747 where a new executable for the GMP process on macOS was added.

Assignee: nobody → haftandilian
Severity: -- → N/A
Priority: -- → P2
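
An added example, not part of the bug report or Firefox's build code: a check that flags process types inheriting the page-protection exception from a shared executable, comparing today's layout with a separate utility executable. The name `utility-helper`, the process-to-executable maps, and the assumption that only content processes need JIT are hypothetical, and the entitlement plists are constructed sample data.

```python
import plistlib

PAGE_PROTECTION_OFF = "com.apple.security.cs.disable-executable-page-protection"
# Hardened-runtime exceptions that relax executable-memory protections.
MEMORY_EXCEPTIONS = {
    PAGE_PROTECTION_OFF,
    "com.apple.security.cs.allow-unsigned-executable-memory",
    "com.apple.security.cs.allow-jit",
}

def _plist(keys):
    """Build a constructed XML entitlements plist with the given keys set to true."""
    return plistlib.dumps({k: True for k in keys})

# Constructed sample data. "utility-helper" is a hypothetical name for the new executable.
ENTITLEMENTS = {
    "plugin-container": _plist([PAGE_PROTECTION_OFF]),
    "utility-helper": _plist([]),
}
NEEDS_JIT = {"content"}  # assumption: only content processes run JIT-compiled code
TODAY = {"content": "plugin-container", "utility": "plugin-container"}
PROPOSED = {"content": "plugin-container", "utility": "utility-helper"}

def memory_exceptions(plist_bytes):
    """Return the memory-protection exceptions enabled in one entitlements plist."""
    ents = plistlib.loads(plist_bytes)
    return sorted(k for k, v in ents.items() if k in MEMORY_EXCEPTIONS and v is True)

def overprivileged(process_to_exe):
    """Map each process type that does not need JIT to the exceptions it still inherits."""
    findings = {}
    for proc, exe in process_to_exe.items():
        found = memory_exceptions(ENTITLEMENTS[exe])
        if found and proc not in NEEDS_JIT:
            findings[proc] = found
    return findings

if __name__ == "__main__":
    for label, layout in (("today", TODAY), ("proposed", PROPOSED)):
        print(label, overprivileged(layout) or "no unneeded exceptions")
```

The same `memory_exceptions` function can be pointed at the entitlements plist of a signed binary to confirm what a shipped executable actually carries.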