|
|
Line 418: |
Line 418: |
| = Bug Lists = | | = Bug Lists = |
|
| |
|
| * Windows Content Process
| | * [https://bugzilla.mozilla.org/buglist.cgi?priority=P1&f1=keywords&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta&list_id=13711690 P1] |
| ** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asbwc1 sbwc1]
| | * [https://bugzilla.mozilla.org/buglist.cgi?list_id=13711673&o1=notsubstring&status_whiteboard_type=allwordssubstr&status_whiteboard=sb%2B&v1=meta&priority=P2&f1=keywords&resolution=---&query_format=advanced P2] |
| *** low integrity sandbox support
| | * [https://bugzilla.mozilla.org/buglist.cgi?priority=P3&f1=keywords&list_id=13711682&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta P3] |
| *** Roll out level 1 sandbox policy to release. (completed, fx50)
| | <br> |
| ** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asbwc2 sbwc2]
| | * [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20Process%20Sandboxing&resolution=---&list_id=13711685 Full Bug List] |
| *** file:/// isolation
| | * [https://bugzilla.mozilla.org/buglist.cgi?priority=--&f1=status_whiteboard&o1=notsubstring&resolution=---&query_format=advanced&v1=meta&component=Security%3A%20Process%20Sandboxing&product=Core&list_id=13711687 No priority set] |
| *** User token removal, to limit User directory file access
| | * [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta&keywords_type=allwords&resolution=---&query_format=advanced&component=Security%3A%20Process%20Sandboxing&product=Core&list_id=13711689 Metas] |
| *** use JOB_RESTRICTED to apply further global restrictions
| |
| *** printing tests
| |
| *** roll out level 3 to release
| |
| | |
| * OSX Content Process
| |
| ** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asbmc1 sbmc1]
| |
| *** Roll out level 1 OSX security sandbox access ruleset. (completed, fx52)
| |
| *** Prevent file system write access
| |
| ** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asbmc2 sbmc2]
| |
| *** Home directory read access restrictions
| |
| *** file:/// isolation
| |
| *** roll out level2 OSX sandbox to release
| |
| | |
| * Linux Content Process
| |
| ** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asblc1 sblc1]
| |
| *** enable (heavily perforated) seccomp-bpf filter by default in Nightly
| |
| ** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asblc2 sblc2]
| |
| *** land basic file system broker
| |
| *** remove/restrict file system write access
| |
| *** roll out entry level file broker to release
| |
| ** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asblc3 sblc3]
| |
| *** remove/restrict file system read access
| |
| *** file:/// isolation?
| |
| *** remote pulseaudio work (BLOCKED on media work, TBD)
| |
| | |
| * Windows 64-bit NPAPI
| |
| ** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asbwn1 sbwn1]
| |
| ** (completed, fx52)
| |
|
| |
|
| == Triage Lists == | | == Triage Lists == |