We also need to take nsISeekableStreams into account.
So for the HTTP file upload case: is the file select dialog in the parent process? Otherwise I don't see how this makes anything more secure: the child either needs to pass a filename (so the parent can open and read it), or the child needs to open it and stream the data across IPDL (which means we're allowing the child to open files). Or is this bug just about streams being sent from parent->child?
We would like this but it's not a blocker.
blocking-basecamp: --- → -
We open the file in the parent process and dup() the file descriptor across to the child process. So I'm pretty sure this is WONTFIX.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.