Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-17 23:35:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
fabf9a4e7b
gecko-dev/security/sandbox
History
Jed Davis 9bdbd2d99f Bug 1438389 - Quietly disallow chown() in sandboxed content processes. r=gcp 
Also covers fchownat() and attempts to be ready for newer archs like ARM64.

Bonus fix: extend bug 1354731 (mknod) fix to cover mknodat so this part
of the policy isn't glaringly inconsistent about "at" syscalls.

Tested locally by attaching gdb and injecting syscalls.

MozReview-Commit-ID: CCOk0jZVoG4

--HG--
extra : rebase_source : 1d0cafd9d91586eaec0233ff15b3bbb1ef7485f0
2018-02-15 16:10:00 -07:00
..
chromium Bug 1432381: Replace sidestep resolvers with stubs as they are not actually used. r=aklotz 2018-02-06 08:52:26 +00:00
chromium-shim Bug 1432381: Replace sidestep resolvers with stubs as they are not actually used. r=aklotz 2018-02-06 08:52:26 +00:00
common Bug 1126437 - Add Linux content sandbox level 4 for blocking socket APIs. r=gcp 2018-01-23 22:35:44 -07:00
linux Bug 1438389 - Quietly disallow chown() in sandboxed content processes. r=gcp 2018-02-15 16:10:00 -07:00
mac Bug 1436566 - [Mac] Land disabled-by-default sandboxing for the Flash NPAPI plugin process. r=Alex_Gaynor,jimm 2018-02-12 15:46:31 -08:00
test Bug 1436575 - Manually fix the errors from no-compare-against-boolean-literal that the autofix couldn't change. r=standard8 2018-02-08 13:35:53 -05:00
win Bug 1415160: Part 2 - Add mitigations to plugin process if not running from network drive r=bobowen 2017-12-21 12:36:02 -08:00
moz.build Bug 1432381: Replace sidestep resolvers with stubs as they are not actually used. r=aklotz 2018-02-06 08:52:26 +00:00