FoxInABox: Difference between revisions

From MozillaWiki
Line 28: Line 28:
   "status": ["NEW", "UNCONFIRMED", "RESOLVED", "REOPENED"],
   "status": ["NEW", "UNCONFIRMED", "RESOLVED", "REOPENED"],
   "blocks": "918680",
   "blocks": "918680",
   "include_fields": "last_change_time, id, summary, status, assigned_to"
   "include_fields": "id, summary, status"
}
}
</bugzilla>
</bugzilla>




</td><td>
</td><td style="text-align:top">


=== Linux Firefox ===
=== Linux Firefox ===
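Review bot: the new `style="text-align:top"` on the second `<td>` will not move the cell content to the top; `text-align` only takes horizontal values (`left`, `center`, `right`, `justify`), so the intended alignment needs `vertical-align:top` (or the cell's `valign="top"` attribute). The narrowed `"include_fields": "id, summary, status"` matches the three columns (ID, Summary, Status) the rendered bug list shows, so dropping `last_change_time` and `assigned_to` is consistent with the rest of the page.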

Revision as of 21:37, 23 October 2013

The fox cannot escape the box.
The fox is safe in the sandbox. The fox cannot escape.

Documentation

Status

We have a plan. Take the e10s code, slap the Chromium sandbox around the content process, and get AdBlockPlus working with it.

FoxInABox/ThingsThatShouldWork

Tracking: bug 925570.

Platform specific:

FxOS / B2G

  • [DONE] Land Library bug 742434
  • [DONE] Tie in to process model bug 790923
  • [ON TRACK] List and prioritize permissions to shut off
  • [ON TRACK] Burn down permission list

Permission Burndown List (see bug 918680 for details):

ID      | Summary                                                                                                      | Status
898117  | layers IPC infrastructure allows child to trigger parent-process UAF                                         | RESOLVED
898563  | Parent side of APZC messaging needs to be hardened against malicious children                                | RESOLVED
906996  | Remove unlink() from seccomp-bpf whitelist                                                                   | RESOLVED
923530  | Consistently handle IPDL actor death in Gfx                                                                  | NEW
927633  | Make child processes access UA overrides through IPC                                                         | RESOLVED
930258  | Remove open() from seccomp whitelist on B2G                                                                  | RESOLVED
931086  | IPC: crash while randomly closing a pipe [@mozilla::layers::CompositorParent::NotifyShadowTreeTransaction]    | RESOLVED
940863  | Should we expose access to TmpD to child processes over IPC?                                                 | RESOLVED
947784  | Move "mobilenetwork" permission check to parent and create a sandbox safe implementation                     | RESOLVED
948574  | [e10s] remote nsISiteSecurityService::IsSecureHost/IsSecureURI                                               | RESOLVED
951405  | re-work certificate error page loading so that child processes never need nsISiteSecurityService (even remotely) | RESOLVED
973987  | Notifications do not go through the parent                                                                   | RESOLVED
1121295 | Reduce B2G content process sandbox filesystem broker whitelist                                               | RESOLVED

13 Total; 1 Open (7.69%); 12 Resolved (92.31%); 0 Verified (0%);


Linux Firefox

  • [DONE] Land Library bug 742434
  • [ON TRACK] Tie in to process model
  • [ON TRACK] List and prioritize permissions to shut off
  • [ON TRACK] Burn down permission list

Permission List:

TBD

Windows Firefox

  • [ON TRACK] Land Library bug 922756
  • [NEW] Tie in to process model
  • [NEW] List and prioritize permissions to shut off
  • [NEW] Burn down permission list

Permission List:

TBD

MacOS X Firefox

  • [NEW] Land Library bug 387248
  • [NEW] Tie in to process model
  • [NEW] List and prioritize permissions to shut off
  • [NEW] Burn down permission list

Permission List:

TBD

Additional Pieces

These are some things that we need to attack next (after a basic sandbox).

  • GPU remoting (TBD)
  • Accessibility support
  • Addon support path
  • Process Model (evolving? 2? Per-Tab?)
  • Incremental tightening plan
  • Child process resource limits
  • DevTools support

Resources

Sandboxing

Related projects

How things work

Who we are

Some folks from the SecurityEngineering team: briansmith, mmc, keeler, grobinson, ckerschb, sid, and bbondy.

  • Mailing list: boxing@lists.mozilla.org
  • IRC: irc.mozilla.org #boxing