Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-24 13:21:05 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
038afacb9f
gecko-dev/security/sandbox/mac
History
Alex Gaynor f514ff97b3 Bug 1379182 - Remove some unnecessary file-write permissions types from the content process on macOS; r=haik 
On macOS, the file-write* permission type contains numerous sub-permissions (see
bug for full listing). Restrict the ones we allow to only the two we need:
file-write-create and file-write-data. This primarily reduces kernel attack
surface, I'm not aware of any bad things that could be done directly with the
removed permissions.

MozReview-Commit-ID: 3VvjFesy2qx

--HG--
extra : rebase_source : 934ec17c44c9ef3d7fab29919d66cf1a55d57697
2017-07-07 11:05:01 -04:00
..
moz.build Bug 1354678 - Switch our sandbox policies to use C++ raw strings and put them in a new header file r=haik 2017-04-14 13:12:09 -04:00
Sandbox.h Bug 1374557 - Part 1 - Add the ability to specify a list of paths to whitelist read access to in the macOS content sandbox; r=haik 2017-06-21 10:19:28 -04:00
Sandbox.mm Bug 1376163 - [10.13] No audio playback on YouTube, no audio/video on Netflix (macOS High Sierra 10.13 Beta). r=Alex_Gaynor 2017-07-06 14:09:11 -07:00
SandboxPolicies.h Bug 1379182 - Remove some unnecessary file-write permissions types from the content process on macOS; r=haik 2017-07-07 11:05:01 -04:00