Closed Bug 918680 (fix-ipc-sandbox) Opened 11 years ago Closed 6 years ago

Tighten content processes sandbox by securing use of IPC (or use IPC for resource access when not used)

Categories

(Firefox OS Graveyard :: General, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: kang, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Keywords: meta, sec-want)

This bug tracks all bugs which intend to tighten the sandbox whitelist by:

- Implementing an IPC call for resource access when this is not already done, but should be (and currently results in a system call being whitelisted in the sandbox so that the resource can be directly accessed, such as open() for files)

- Ensuring that when IPC is used, proper resource access control occurs in the parent process, and that the content processes only get the data they really need to get

- Ensuring that any input (over IPC) from content process to the parent process is never trusted by the parent
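
The three goals in the description, sketched as a parent-side check. This is an added example, not code from this bug or from Gecko: `broker_open` is a hypothetical handler for a file-open request that a content process sends over IPC instead of calling open() itself. It assumes the parent already holds `root_fd`, a directory it has decided that child may read.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Parent-side handler for a hypothetical "open file" IPC request.
 * root_fd: directory the parent allows this content process to read.
 * req_path, req_flags: values received over IPC, treated as untrusted.
 * Returns an fd to send back to the child, or -1 with errno set. */
int broker_open(int root_fd, const char *req_path, int req_flags)
{
    char buf[256];
    size_t len = strnlen(req_path, sizeof buf);
    struct stat st;
    /* Policy: read-only, bounded length, relative paths only. */
    if (req_flags != O_RDONLY) { errno = EACCES; return -1; }
    if (len == 0 || len >= sizeof buf || req_path[0] == '/') { errno = EINVAL; return -1; }
    memcpy(buf, req_path, len + 1);

    int dir = dup(root_fd);
    if (dir < 0) return -1;
    char *save = NULL;
    char *comp = strtok_r(buf, "/", &save);
    while (comp != NULL) {
        char *next = strtok_r(NULL, "/", &save);
        /* Reject traversal components instead of trying to normalise them. */
        if (strcmp(comp, ".") == 0 || strcmp(comp, "..") == 0) {
            close(dir); errno = EACCES; return -1;
        }
        /* O_NOFOLLOW on every component: a symlink anywhere in the path
         * fails the request. O_NONBLOCK keeps a FIFO from stalling the parent. */
        int fd = openat(dir, comp, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC
                                   | (next ? O_DIRECTORY : 0));
        int saved = errno;
        close(dir);
        if (fd < 0) { errno = saved; return -1; }
        if (next == NULL) {
            /* Hand out regular files only; a directory fd would let the
             * child resolve further paths on its own. */
            if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode)) return fd;
            close(fd); errno = EACCES; return -1;
        }
        dir = fd;
        comp = next;
    }
    close(dir); errno = EINVAL; return -1;   /* not reached for accepted input */
}
```

With a broker like this in the parent, the content process only needs to receive the resulting descriptor, so open() can be dropped from its sandbox whitelist.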
Keywords: sec-want
We have important bugs blocked on this. Is this going to be addressed soon?
(In reply to Al Billings [:abillings] from comment #1)
> We have important bugs blocked on this. Is this going to be addressed soon?

I'm a little confused by the question — this is a tracking bug for a large set of ongoing work, covering the gradual process of improving IPC security.
Keywords: meta
Depends on: 927633
No longer depends on: 922775
Well, we have security issues that it blocks that are not actively being worked on because it was expected that IPC security would be improved. Since some of these issues have been open for many releases, I'm trying to find out when this work will happen.
Depends on: 931086
Depends on: 951405
Moving to sandbox-sa in case any of this is still relevant.
Blocks: sandbox-sa
No longer blocks: b2gSystemSecurity
Firefox OS is not being worked on
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX