202
edits
Security/Sandbox/Deny Filesystem Access: Difference between revisions
Jump to navigation
Jump to search
Security/Sandbox/Deny Filesystem Access (view source)
Revision as of 23:23, 16 May 2016
, 16 May 2016→Cross-Platform Blockers
Haftandilian (talk | contribs) |
Haftandilian (talk | contribs) |
||
| Line 21: | Line 21: | ||
* {{bug|1196384}} - (sandbox-fs) [meta] Cross-platform blockers for default-deny filesystem policy for content processes | * {{bug|1196384}} - (sandbox-fs) [meta] Cross-platform blockers for default-deny filesystem policy for content processes | ||
** [https://bugzilla.mozilla.org/showdependencytree.cgi?id=1196384&hide_resolved=1 Dependency Tree] | ** [https://bugzilla.mozilla.org/showdependencytree.cgi?id=1196384&hide_resolved=1 Dependency Tree] | ||
{| class="wikitable" | |||
|- | |||
! Bug !! What does it block? || Why do we need it? | |||
|- | |||
| {{bug|922481}} e10s: remote the file:// protocol || Blocks disabling read access to $HOME and other locations || A compromised content process shouldn't be able to read arbitrary files, but when the user does File->Open or uses a file:/// URL, that must continue to work. | |||
|- | |||
| {{bug|1136836}} Load chrome: URLs through parent process || Blocks disabling read access to $HOME || Addons can load scripts and resources from the profile directory using chrome: and resource: URL's. Example, an add-on calling loadFromScript("chrome://foo/bar") from the Parent process results in Content trying to load that URL. | |||
|} | |||
== Windows Blockers == | == Windows Blockers == | ||