202
edits
Security/Sandbox/Deny Filesystem Access: Difference between revisions
Jump to navigation
Jump to search
Security/Sandbox/Deny Filesystem Access (view source)
Revision as of 22:59, 18 May 2016
, 18 May 2016no edit summary
Haftandilian (talk | contribs) |
Haftandilian (talk | contribs) No edit summary |
||
| Line 26: | Line 26: | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! Bug !! What does it block? | ! Bug !! What does it block? !! Why do we need it? | ||
|- | |- | ||
| {{bug|922481}} e10s: remote the file:// protocol || Blocks disabling read access to $HOME and other locations || A compromised content process shouldn't be able to read arbitrary files, but when the user does File->Open or uses a file:/// | | {{bug|922481}} e10s: remote the file:// protocol || Blocks disabling read access to $HOME and other locations || A compromised content process shouldn't be able to read arbitrary files, but when the user does File->Open or uses a file:/// URI, that must continue to work. | ||
Another approach to this is to open file:// URI's in the chrome process. | |||
A content process that has read or write access to a local file (even indirectly through the parent), shouldn't also be used for web content. So it follows that more than one content process would be needed. | |||
|- | |- | ||
| {{bug|1090454}} Trigger print jobs from the parent instead of the child when printing from a remote browser || Blocks disabling write access to $HOME and other locations || TBD. For printing and print-to-file. (TBD, because I don't understand the details of why printing requires writing to filesystem). | | {{bug|1090454}} Trigger print jobs from the parent instead of the child when printing from a remote browser || Blocks disabling write access to $HOME and other locations || TBD. For printing and print-to-file. (TBD, because I don't understand the details of why printing requires writing to filesystem). | ||