Security/Sandbox/Testing/OSX

From MozillaWiki
Jump to: navigation, search

Testing that the OSX sandbox is enabled.

1. Start Firefox and navigate to about:home
2. Enable the Content Browser Toolbox https://www.youtube.com/watch?v=Cg6X_zIu7Xk
3. Start OSX Console (Applications > Utilities > Console)
4. Open the Content Browser Toolbox, and run the following script which attempts to create a file called "foo" in your profile directory

  var { utils: Cu, classes: Cc, interfaces: Ci } = Components; 
  let foo = Cc["@mozilla.org/file/local;1"].createInstance(Ci.nsIFile);
  foo.initWithPath('~/foo')
  foo.create(Ci.nsIFile.NORMAL_FILE_TYPE,0o600)

5. If sandbox is enabled, you should see an error in the Browser Console like:

  14:25:57.282 [Exception... "Component returned failure code: 0x80520015 (NS_ERROR_FILE_ACCESS_DENIED) [nsIFile.create]"  nsresult: "0x80520015 (NS_ERROR_FILE_ACCESS_DENIED)"  location: "JS frame :: debugger eval code :: <TOP_LEVEL> :: line 1"  data: no]

6. Looking in OSX Console, you should see a line similar to:

  22/02/2017 2:25:57.000 PM kernel[0]: Sandbox: plugin-container(24008) deny(1) file-write-create /Users/ptheriault/foo
Retrieved from "https://wiki.mozilla.org/index.php?title=Security/Sandbox/Testing/OSX&oldid=1163507"