gecko-dev/security/sandbox
Alex Gaynor f514ff97b3 Bug 1379182 - Remove some unnecessary file-write permissions types from the content process on macOS; r=haik
On macOS, the file-write* permission type contains numerous sub-permissions (see
bug for full listing). Restrict the ones we allow to only the two we need:
file-write-create and file-write-data. This primarily reduces kernel attack
surface; I'm not aware of any bad things that could be done directly with the
removed permissions.

MozReview-Commit-ID: 3VvjFesy2qx

--HG--
extra : rebase_source : 934ec17c44c9ef3d7fab29919d66cf1a55d57697
2017-07-07 11:05:01 -04:00
chromium Bug 1378061: Only set user's SID in USER_LIMITED as deny only when not using restricting SIDs. r=jimm 2017-07-05 21:00:55 +01:00
chromium-shim Bug 1378712 - Remove all trailing whitespaces r=Ehsan 2017-07-06 14:00:35 +02:00
common Bug 1377614 - Part 1 - Move IsDevelopmentBuild() to common code. r=Alex_Gaynor 2017-07-03 11:17:04 -07:00
linux Bug 1372428 - Extend file pre-opening for sandboxed media plugins. r=gcp 2017-07-07 08:58:50 -06:00
mac Bug 1379182 - Remove some unnecessary file-write permissions types from the content process on macOS; r=haik 2017-07-07 11:05:01 -04:00
test Bug 1379182 - Remove some unnecessary file-write permissions types from the content process on macOS; r=haik 2017-07-07 11:05:01 -04:00
win Bug 1368600: Add telemetry with the error code for when a Windows sandboxed child process fails to start. r=jimm, data-review=francois 2017-06-13 08:54:41 +01:00
modifications-to-chromium-to-reapply-after-upstream-merge.txt Bug 1337331 Part 7: Re-apply - Allow a special all paths rule in the Windows process sandbox when using semantics FILES_ALLOW_READONLY. r=jimm 2017-03-28 08:36:16 +01:00
moz-chromium-commit-status.txt Bug 1337331 Part 1: Update security/sandbox/chromium/ to commit b169b9a1cc402573843e8c952af14c4e43487e91. r=jld, r=aklotz, r=jimm 2017-03-29 14:23:17 +01:00
moz.build Backed out changeset 4e283b54baa6 (bug 1358223) for build bustage on Android at dom/ipc/ContentChild.cpp:21. r=backout 2017-05-31 21:34:13 +02:00