Open Bug 1860950 Opened 2 years ago Updated 1 year ago

Drop the disable-library-validation entitlement from the parent process executable

Categories

(Core :: Security: Process Sandboxing, enhancement, P2)

Desktop
macOS
enhancement

People

(Reporter: haik, Assigned: haik)

Details

This bug is to remove the com.apple.security.cs.disable-library-validation entitlement from the parent process executable. At this time, it is required to allow for loading of user-specified PKCS#11 modules.

With the fix for bug 1593072 - Use different entitlement files for child processes and other resources, we added support to our release pipeline for different entitlements for different executables in the bundle.

At the same time, we attempted to reduce the entitlements allowed for each executable. The fix went too far and removed com.apple.security.cs.disable-library-validation from the parent process executable, and we added it back to address bug 1856972.

Severity: -- → S3
Priority: -- → P2
Assignee: nobody → haftandilian
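A way to check which executables in a bundle still carry the entitlement, given each executable's entitlements as an XML plist (added example, not code from this bug or from the Firefox build system). The executable names `parent` and `child`, the sample plists and the function names are constructed for illustration.

```python
import plistlib

LIBRARY_VALIDATION_KEY = "com.apple.security.cs.disable-library-validation"

# Constructed sample entitlement plists; these are not Firefox's real entitlement files.
PARENT_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.cs.disable-library-validation</key><true/>
  <key>com.apple.security.device.camera</key><true/>
</dict></plist>"""

CHILD_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.cs.disable-library-validation</key><false/>
  <key>com.apple.security.cs.allow-jit</key><true/>
</dict></plist>"""

# Hypothetical mapping of executable name -> entitlements blob.
# An empty blob stands for an executable signed with no entitlements.
SAMPLE = {"parent": PARENT_PLIST, "child": CHILD_PLIST, "helper": b""}


def disables_library_validation(plist_bytes):
    """True only if the entitlement is present and set to boolean true."""
    entitlements = plistlib.loads(plist_bytes)
    return entitlements.get(LIBRARY_VALIDATION_KEY) is True


def audit(entitlements_by_executable, allowed=frozenset()):
    """Return the executables that disable library validation without being allowed to."""
    findings = []
    for name, blob in sorted(entitlements_by_executable.items()):
        if not blob:  # no entitlements at all, so nothing to flag
            continue
        if disables_library_validation(blob) and name not in allowed:
            findings.append(name)
    return findings


if __name__ == "__main__":
    # Target state of this bug: no executable may carry the entitlement.
    print("target state violations:", audit(SAMPLE))
    # Current state: only the parent process is expected to carry it.
    print("current state violations:", audit(SAMPLE, allowed={"parent"}))
```
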