Open Bug 1898262 Opened 6 months ago Updated 5 months ago

Add more job limits on child process

Categories

(Core :: Security: Process Sandboxing, defect, P3)

Unspecified
Windows
defect

UNCONFIRMED

People

(Reporter: Tom25519, Unassigned)

Details

The GPU process could maybe add more job limits like the RDD process, such as Exit Windows, Administrator Access, Write Clipboard, Read Clipboard, etc., but I don't know whether something like Global Atoms, etc. could be added or not.

OS: Unspecified → Windows
Summary: Add more job limits on GPU process → Add more job limits on GPU process and Utility - Windows Media Foundation CDM process

Besides, we should:

  1. Add job limits on Windows Media Foundation CDM process.
  2. Set JOB_OBJECT_LIMIT_ACTIVE_PROCESS to 0 on extension process
Summary: Add more job limits on GPU process and Utility - Windows Media Foundation CDM process → Add more job limits on child process

(In reply to Tom25519 from comment #1)

> Besides, we should:
>
> 1. Add job limits on Windows Media Foundation CDM process.
> 2. Set JOB_OBJECT_LIMIT_ACTIVE_PROCESS to 0 on extension process

Edit: on 2, we should set it on all Firefox child processes which needn't create child processes; some of them are still = 1.

Bob, WDYT?

Severity: -- → S3
Flags: needinfo?(bobowencode)
Priority: -- → P3

I believe we have the same settings for this as Chromium browsers do.
However, on the face of it, it does look like we should be able to add some of these limitations.

No longer blocks: 1359559
Flags: needinfo?(bobowencode)
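The limits named in this thread correspond to Win32 job-object settings: the `JOB_OBJECT_UILIMIT_*` bits of `JobObjectBasicUIRestrictions` and the `ActiveProcessLimit` field enabled by `JOB_OBJECT_LIMIT_ACTIVE_PROCESS`. The following is an added example, not Firefox or Chromium code and not part of any comment above; the function names are hypothetical, "Administrator Access" is not covered, and the active-process limit value is left to the caller.

```c
/* Added example (not Firefox or Chromium code): the UI limits named in this
 * bug, expressed as job-object settings. Function names are hypothetical. */
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#else /* winnt.h values, repeated so the mask logic also builds off Windows */
#define JOB_OBJECT_UILIMIT_READCLIPBOARD  0x00000002
#define JOB_OBJECT_UILIMIT_WRITECLIPBOARD 0x00000004
#define JOB_OBJECT_UILIMIT_GLOBALATOMS    0x00000020
#define JOB_OBJECT_UILIMIT_EXITWINDOWS    0x00000080
#endif

/* Exit Windows + Read/Write Clipboard; Global Atoms only when asked for,
 * since the report leaves open whether it can be added. */
uint32_t wanted_ui_limits(int with_global_atoms) {
    uint32_t m = JOB_OBJECT_UILIMIT_EXITWINDOWS |
                 JOB_OBJECT_UILIMIT_READCLIPBOARD |
                 JOB_OBJECT_UILIMIT_WRITECLIPBOARD;
    return with_global_atoms ? (m | JOB_OBJECT_UILIMIT_GLOBALATOMS) : m;
}

/* Bits in `wanted` that the job's current UI restriction class lacks. */
uint32_t missing_ui_limits(uint32_t current, uint32_t wanted) {
    return wanted & ~current;
}

#ifdef _WIN32
/* Add the UI limits and an active-process limit to `job`, keeping the
 * limit flags that are already set. Returns 1 on success, 0 on failure. */
int apply_job_limits(HANDLE job, DWORD ui_wanted, DWORD active_limit) {
    JOBOBJECT_BASIC_UI_RESTRICTIONS ui;
    JOBOBJECT_EXTENDED_LIMIT_INFORMATION ext;
    if (!QueryInformationJobObject(job, JobObjectBasicUIRestrictions,
                                   &ui, sizeof ui, NULL) ||
        !QueryInformationJobObject(job, JobObjectExtendedLimitInformation,
                                   &ext, sizeof ext, NULL))
        return 0;
    ui.UIRestrictionsClass |= ui_wanted;
    ext.BasicLimitInformation.LimitFlags |= JOB_OBJECT_LIMIT_ACTIVE_PROCESS;
    ext.BasicLimitInformation.ActiveProcessLimit = active_limit;
    return SetInformationJobObject(job, JobObjectBasicUIRestrictions,
                                   &ui, sizeof ui) &&
           SetInformationJobObject(job, JobObjectExtendedLimitInformation,
                                   &ext, sizeof ext);
}
#endif
```

`missing_ui_limits` can be fed the `UIRestrictionsClass` value queried from a child process's job to see which of the requested bits it still lacks.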