FoxInABox

From MozillaWiki

Revision as of 21:36, 23 October 2013

The fox cannot escape the box.
The fox is safe in the sandbox. The fox cannot escape.

Documentation

Status

We have a plan. Take the e10s code, slap the Chromium sandbox around the content process, and get AdBlockPlus working with it.

FoxInABox/ThingsThatShouldWork

Tracking: bug 925570.

Platform specific:

FxOS / B2G

  • [DONE] Land Library bug 742434
  • [DONE] Tie in to process model bug 790923
  • [ON TRACK] List and prioritize permissions to shut off
  • [ON TRACK] Burn down permission list

Permission Burndown List (see bug 918680 for details):

Full query (bugs blocking bug 918680; each entry gives bug ID, status, last change time, summary and assignee):

  • Bug 898117 (RESOLVED; last changed 2017-05-09T18:28:08Z): layers IPC infrastructure allows child to trigger parent-process UAF. Assigned to: Benoit Jacob [:bjacob] (mostly away)
  • Bug 898563 (RESOLVED; last changed 2015-08-30T19:12:09Z): Parent side of APZC messaging needs to be hardened against malicious children. Assigned to: Kartikaya Gupta (email:kats@mozilla.staktrace.com)
  • Bug 906996 (RESOLVED; last changed 2015-03-13T19:59:29Z): Remove unlink() from seccomp-bpf whitelist. Assigned to: Jed Davis [:jld] ⟨⏰|UTC-8⟩ ⟦he/him⟧
  • Bug 923530 (NEW; last changed 2022-10-11T15:06:29Z): Consistently handle IPDL actor death in Gfx.
  • Bug 927633 (RESOLVED; last changed 2013-11-21T22:26:05Z): Make child processes access UA overrides through IPC. Assigned to: Mason Chang [Inactive] [:mchang]
  • Bug 930258 (RESOLVED; last changed 2015-10-15T21:19:25Z): Remove open() from seccomp whitelist on B2G. Assigned to: Jed Davis [:jld] ⟨⏰|UTC-8⟩ ⟦he/him⟧
  • Bug 931086 (RESOLVED; last changed 2023-06-25T22:27:52Z): IPC: crash while randomly closing a pipe [@mozilla::layers::CompositorParent::NotifyShadowTreeTransaction].
  • Bug 940863 (RESOLVED; last changed 2015-01-14T02:48:05Z): Should we expose access to TmpD to child processes over IPC? Assigned to: Jed Davis [:jld] ⟨⏰|UTC-8⟩ ⟦he/him⟧
  • Bug 947784 (RESOLVED; last changed 2019-03-13T13:42:05Z): Move "mobilenetwork" permission check to parent and create a sandbox safe implementation. Assigned to: Jessica Jong [:jessica] (inactive)
  • Bug 948574 (RESOLVED; last changed 2015-10-16T22:51:16Z): [e10s] remote nsISiteSecurityService::IsSecureHost/IsSecureURI. Assigned to: Jim Mathies [:jimm]
  • Bug 951405 (RESOLVED; last changed 2014-07-03T20:29:39Z): re-work certificate error page loading so that child processes never need nsISiteSecurityService (even remotely).
  • Bug 973987 (RESOLVED; last changed 2020-01-09T22:59:28Z): Notifications do not go through the parent.
  • Bug 1121295 (RESOLVED; last changed 2017-03-31T19:22:24Z): Reduce B2G content process sandbox filesystem broker whitelist.

13 total: 1 open (7.69%), 12 resolved (92.31%), 0 verified (0%).


Linux Firefox

  • [DONE] Land Library bug 742434
  • [ON TRACK] Tie in to process model
  • [ON TRACK] List and prioritize permissions to shut off
  • [ON TRACK] Burn down permission list

Permission List:

TBD

Windows Firefox

  • [ON TRACK] Land Library bug 922756
  • [NEW] Tie in to process model
  • [NEW] List and prioritize permissions to shut off
  • [NEW] Burn down permission list

Permission List:

TBD

MacOS X Firefox

  • [NEW] Land Library bug 387248
  • [NEW] Tie in to process model
  • [NEW] List and prioritize permissions to shut off
  • [NEW] Burn down permission list

Permission List:

TBD

Additional Pieces

These are some things that we need to attack next (after a basic sandbox).

  • GPU remoting (TBD)
  • Accessibility support
  • Addon support path
  • Process Model (evolving? 2? Per-Tab?)
  • Incremental tightening plan
  • Child process resource limits
  • DevTools support

Resources

Sandboxing

Related projects

How things work

Who we are

Some folks from the SecurityEngineering team: briansmith, mmc, keeler, grobinson, ckerschb, sid, and bbondy.

  • Mailing list: boxing@lists.mozilla.org
  • IRC: irc.mozilla.org #boxing