Ptheriault (talk | contribs) |
Line 59: | Line 59: | ||
* Unrestricted read access to the local file system in order to load file:// URIs | * Unrestricted read access to the local file system in order to load file:// URIs | ||
* Remote content must never be loaded as the top level (remote content must load in the web content process) | * Remote content must never be loaded as the top level (remote content must load in the web content process) | ||
** Documents loaded form file:// URIs can load remote content though (see issue 1 below). | |||
* Otherwise the same exceptions as a web content process | * Otherwise the same exceptions as a web content process | ||
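Review bot: the added sub-bullet under "Remote content must never be loaded as the top level" has a typo ("form" should be "from") and leaves the scope of its exception open. It should say that the remote content meant here is nested content, such as the iframe named in issue 1, so that it does not read as weakening the top-level rule directly above it. The reference "see issue 1 below" also depends on the Open Issues numbering staying stable; naming the issue would be more robust.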
Line 65: | Line 65: | ||
'''Open Issues''' | '''Open Issues''' | ||
# The file content process is currently allowed to access remote content, and this is likely to remain as conceptually locally hosted webpages may legally request remote resources. A remote attacker able to coerce the browser to initiate the File Content process to load a nested resource such as iframe, would be able to bypass the file read restrictions of the Web Content Sandbox. We need to ensure that this is not possible. | |||
# What is the file access policy for the WebExtension process? Can we increase restrictions of the content process sandbox post-depreciation of old-style addons? | |||
=== Network connectivity === | === Network connectivity === |
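Review bot: in the new issue 1, the closing sentence "We need to ensure that this is not possible" states no testable requirement. Suggest wording it as an invariant in the style of the restriction list (for example, that remote content nested in a file:// document must load in the web content process), or recording that the mechanism is still undecided. The sentence describing the attack ("initiate the File Content process to load a nested resource such as iframe") is hard to parse and should say explicitly which document is nested in which. In issue 2, "post-depreciation" should be "post-deprecation", and "legally" in issue 1 probably means "legitimately".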