Security/Sandbox: Difference between revisions

new bug lists
(I work on this!)
(new bug lists)
Line 418: Line 418:
= Bug Lists =
= Bug Lists =


* Windows Content Process
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P1&f1=keywords&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta&list_id=13711690 P1]
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asbwc1 sbwc1]
* [https://bugzilla.mozilla.org/buglist.cgi?list_id=13711673&o1=notsubstring&status_whiteboard_type=allwordssubstr&status_whiteboard=sb%2B&v1=meta&priority=P2&f1=keywords&resolution=---&query_format=advanced P2]
*** low integrity sandbox support
* [https://bugzilla.mozilla.org/buglist.cgi?priority=P3&f1=keywords&list_id=13711682&o1=notsubstring&resolution=---&status_whiteboard_type=allwordssubstr&query_format=advanced&status_whiteboard=sb%2B&v1=meta P3]
*** Roll out level 1 sandbox policy to release. (completed, fx50)
<br>
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asbwc2 sbwc2]
* [https://bugzilla.mozilla.org/buglist.cgi?product=Core&component=Security%3A%20Process%20Sandboxing&resolution=---&list_id=13711685 Full Bug List]
*** file:/// isolation
* [https://bugzilla.mozilla.org/buglist.cgi?priority=--&f1=status_whiteboard&o1=notsubstring&resolution=---&query_format=advanced&v1=meta&component=Security%3A%20Process%20Sandboxing&product=Core&list_id=13711687 No priority set]
*** User token removal, to limit User directory file access
* [https://bugzilla.mozilla.org/buglist.cgi?keywords=meta&keywords_type=allwords&resolution=---&query_format=advanced&component=Security%3A%20Process%20Sandboxing&product=Core&list_id=13711689 Metas]
*** use JOB_RESTRICTED to apply further global restrictions
*** printing tests
*** roll out level 3 to release
 
* OSX Content Process
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asbmc1 sbmc1]
*** Roll out level 1 OSX security sandbox access ruleset. (completed, fx52)
*** Prevent file system write access
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asbmc2 sbmc2]
*** Home directory read access restrictions
*** file:/// isolation
*** roll out level2 OSX sandbox to release
 
* Linux Content Process
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asblc1 sblc1]
*** enable (heavily perforated) seccomp-bpf filter by default in Nightly
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asblc2 sblc2]
*** land basic file system broker
*** remove/restrict file system write access
*** roll out entry level file broker to release
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asblc3 sblc3]
*** remove/restrict file system read access
*** file:/// isolation?
*** remote pulseaudio work (BLOCKED on media work, TBD)
 
* Windows 64-bit NPAPI
** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asbwn1 sbwn1]
** (completed, fx52)


== Triage Lists ==
== Triage Lists ==
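Review bot: In the added "No priority set" link the meta exclusion is written as f1=status_whiteboard with o1=notsubstring and v1=meta, while the P1, P2 and P3 links exclude metas with f1=keywords and the Metas link selects them with keywords=meta. If the same exclusion is intended, use f1=keywords there as well, otherwise bugs marked meta only by keyword remain in the unprioritized list. The P1 to P3 queries also match on whiteboard sb+ alone, with no product or component restriction, unlike the Full Bug List link, so scoping them to Core / Security: Process Sandboxing would keep the lists consistent. The list_id values in every link come from the search session that produced them and are not search criteria, so they can be dropped from the shared URLs.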