Closed
Bug 1359573
Opened 8 years ago
Closed 7 years ago
[meta] [mac] review mach-lookup permissions for what can be removed
Categories
(Core :: Security: Process Sandboxing, enhancement, P1)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
firefox55 | --- | affected |
People
(Reporter: Alex_Gaynor, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: meta, Whiteboard: sb+)
https://dxr.mozilla.org/mozilla-central/source/security/sandbox/mac/SandboxPolicies.h#160-178
We currently allow many mach-lookups, which were mostly inherited from |/System/Library/Sandbox/Profiles/system.sb|. We should review this and figure out what can be removed, and what the blockers for removing other items are.
Updated•8 years ago
|
status-firefox55:
--- → affected
status-firefox57:
affected → ---
Updated•8 years ago
|
Whiteboard: sbmc3
Reporter | ||
Updated•7 years ago
|
Keywords: meta
Summary: [mac] review mach-lookup permissions for what can be removed → [meta] [mac] review mach-lookup permissions for what can be removed
Updated•7 years ago
|
Updated•7 years ago
|
Priority: -- → P1
Whiteboard: sbmc3 → sb+
Reporter | ||
Comment 1•7 years ago
|
||
Declaring this to be resolved. At this point we have investigated all of the mach-lookup permissions allowed in the content sandbox, removed the ones which we could, and know what the blockers are for the others!
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•