FoxInABox: Difference between revisions
(→Status) |
No edit summary |
||
| Line 12: | Line 12: | ||
[[FoxInABox/ThingsThatShouldWork]] | [[FoxInABox/ThingsThatShouldWork]] | ||
Tracking: {{bug|925570}}. | Tracking: {{bug|925570}}. | ||
| Line 25: | Line 22: | ||
* {{ok|List and prioritize permissions to shut off}} | * {{ok|List and prioritize permissions to shut off}} | ||
* {{ok|Burn down permission list}} | * {{ok|Burn down permission list}} | ||
Permission Burndown List: | Permission Burndown List: | ||
| Line 67: | Line 61: | ||
* {{new|List and prioritize permissions to shut off}} | * {{new|List and prioritize permissions to shut off}} | ||
* {{new|Burn down permission list}} | * {{new|Burn down permission list}} | ||
Permission List: | Permission List: | ||
| Line 79: | Line 70: | ||
</table> | </table> | ||
=== | === Additional Pieces === | ||
These are some things that we need to attack next (after a basic sandbox). | |||
* GPU remoting (TBD) | * GPU remoting (TBD) | ||
* Accessibility support | * Accessibility support | ||
| Line 90: | Line 82: | ||
= Resources = | = Resources = | ||
== Sandboxing == | == Sandboxing == | ||
* [[Features/Security/Low_rights_Firefox]] | * [[Features/Security/Low_rights_Firefox]] -- {{bug|730956}} | ||
* [https://intranet.mozilla.org/User:Imelven@mozilla.com/Sandboxing Ian's sandboxing page] | * [https://intranet.mozilla.org/User:Imelven@mozilla.com/Sandboxing Ian's sandboxing page] | ||
* [https://github.com/mozilla/servo/wiki Servo] | * [https://github.com/mozilla/servo/wiki Servo] | ||
* [http://www.chromium.org/developers/design-documents/sandbox Chromium Sandbox] | * [http://www.chromium.org/developers/design-documents/sandbox Chromium Sandbox] | ||
* [[B2G/Architecture/System_Security/Seccomp|seccomp sandboxing on b2g]] | |||
* [http://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf Apple's Sandbox guide] | |||
== Related projects == | == Related projects == | ||
Revision as of 21:29, 23 October 2013
Documentation
Status
We have a plan. Take the e10s code, slap the Chromium sandbox around the content process, and get AdBlockPlus working with it.
FoxInABox/ThingsThatShouldWork
Tracking: bug 925570.
Platform specific:
FxOS / B2G
Permission Burndown List:
Linux Firefox
Permission List:
| ||
Windows Firefox
Permission List:
MacOS X Firefox
Permission List:
Additional Pieces
These are some things that we need to attack next (after a basic sandbox).
- GPU remoting (TBD)
- Accessibility support
- Addon support path
- Process Model (evolving? 2? Per-Tab?)
- Incremental tightening plan
- Child process resource limits
- DevTools support
Resources
Sandboxing
- Features/Security/Low_rights_Firefox -- bug 730956
- Ian's sandboxing page
- Servo
- Chromium Sandbox
- seccomp sandboxing on b2g
- Apple's Sandbox guide
Related projects
- Electrolysis
- Embedding/IPCLiteAPI, https://github.com/tmeshkova/mozilla-central
- Native Client on Wikipedia - has links to papers on Native Client's design and use of SFI, as well as papers on SFI itself
- AMO/Squeaky, or Make Addons Awesome
How things work
Who we are
Some folks from the SecurityEngineering team: briansmith, mmc, keeler, grobinson, ckerschb, sid, and bbondy.
- Mailing list: boxing@lists.mozilla.org
- IRC: irc.mozilla.org #boxing