MozillaWiki

Security/Sandbox: Difference between revisions

Page Discussion

Security/Sandbox (view source)

Revision as of 18:19, 27 July 2017

921 bytes removed ,  27 July 2017
eol whiteboard bug lists
(Add info about about:config settings for distros)
(eol whiteboard bug lists)
Line 446: Line 446:
*** printing tests
*** printing tests
*** roll out level 3 to release
*** roll out level 3 to release
** Need to scope out future milestones including:
*** using an alternate desktop
*** using an alternate winstation and desktop
*** general file system (and registry) read access restrictions (USER_RESTRICTED / UESR_LOCKDOWN)
*** JOB_LOCKDOWN
*** reducing exposure to system APIs
*** running at untrusted integrity level
*** use of lowbox token / AppContainers


* OSX Content Process
* OSX Content Process
Line 463: Line 455:
*** file:/// isolation  
*** file:/// isolation  
*** roll out level2 OSX sandbox to release
*** roll out level2 OSX sandbox to release
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asbmc3 sbmc3]
*** TBD: Triage existing sandbox rules and define set to remove in milestone 3
*** File access: system /tmp and /var/folders/ and any other individual directories
*** Limit User directory file access


* Linux Content Process
* Linux Content Process
Line 479: Line 467:
*** file:/// isolation?
*** file:/// isolation?
*** remote pulseaudio work (BLOCKED on media work, TBD)
*** remote pulseaudio work (BLOCKED on media work, TBD)
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asblc4 sblc4]
*** remove/restrict socket access/modification and solve X11 problem
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asblc5 sblc5]
*** make use of chroot and user namespaces


* Windows 64-bit NPAPI
* Windows 64-bit NPAPI
Jmathies
Confirmed users
1,982

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1176619"