On Fri, Jul 21, 2017 at 7:48 AM, Andrea Marchesini <amarches...@mozilla.com> wrote:
> There are some APIs able to read files in the content process using
> nsFileInputStream: FileReader is one of them.
> The file is opened on the parent process (because of a FilePicker, or
> Entries API), the file descriptor is sent to the content process where the
> reading happens.
> Is this supported yet?
>

Yes, reading from a file descriptor opened in the parent should continue to work.

Haik

>
> On Fri, Jul 21, 2017 at 3:44 PM, <bo...@mozilla.com> wrote:
>
> > As a follow-up to this, tomorrow's (2017-07-22) Nightly will have this
> > enabled for the Windows content process sandbox as well.
> >
> > On Windows this removes access that the User gains via their own SID.
> > So generally things under their home directory (C:\Users\<username>\).
> > With exceptions for the Firefox installation directory and the chrome
> > directory in the profile.
> >
> > There are a few other restrictions included as well, for example reading
> > and writing to the clipboard.
> >
> > If you hit any issues on Windows after tomorrow that disappear when you
> > set the pref security.sandbox.content.level to 2 or lower, please file a
> > bug to block https://bugzilla.mozilla.org/show_bug.cgi?id=1366697.
> >
> > Cheers,
> > Bob
> >
> >
> > On Thursday, 6 July 2017 15:07:50 UTC+1, Alex Gaynor wrote:
> > > Hi dev-platform,
> > >
> > > On behalf of the Runtime Content Isolation (aka sandboxing) team, I'm
> > > delighted to announce that starting later this week, our macOS and Windows
> > > nightly builds will prohibit read access to most of the filesystem in the
> > > content process!
> > >
> > > What does this mean for you? First and foremost, a more secure browser!
> > > Second, it means that if you see bugs, please report them, our goal is to
> > > put this on the trains for 56! If you run into anything, please file it as
> > > a blocker for https://bugzilla.mozilla.org/show_bug.cgi?id=1377522 .
> > >
> > > Finally, it means that in code you're writing, you should not expect to
> > > be able to read from the filesystem in the content process -- with the
> > > exception of inside the .app bundle, or in the chrome/ subdirectory of the
> > > profile directory.
> > >
> > > If you need access to a file in content, you should plan on remoting that
> > > to the parent process. When designing these APIs, please be careful to
> > > ensure the parent process is able to perform appropriate permissions
> > > checks such that the IPC mechanism isn't able to bypass the sandbox's goal
> > > of preventing a malicious content process from accessing the entire file
> > > system.
> > >
> > > This represents the culmination of a lot of work by a lot of folks, both
> > > on our team and on many other teams who helped out with refactoring their
> > > code -- thank you!
> > >
> > > We're looking forward to also shipping this for Linux soon.
> > >
> > > Cheers,
> > > Alex
> >
> > _______________________________________________
> > dev-platform mailing list
> > dev-platform@lists.mozilla.org
> > https://lists.mozilla.org/listinfo/dev-platform
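A constructed model of the parent-side check Alex asks for, added here as an example and not Firefox code: the parent canonicalises the path a content process names, opens it only if its real location lies inside the two places the thread keeps readable (the installation directory and the profile's chrome/ subdirectory), and hands back the descriptor, which is the shape Andrea's nsFileInputStream case relies on. Directory names, file names and function names are assumptions; `demo()` builds the layout in a temp dir and also checks that `..` segments and a symlink inside chrome/ pointing elsewhere are refused.

```python
import os
import tempfile
from pathlib import Path

# Constructed model of a parent-process file broker, not Firefox code.
# "install" stands in for the installation directory (the .app bundle) and
# "profile/chrome" for the profile's chrome/ subdirectory.

def allowed_roots(install_dir, profile_dir):
    return [Path(install_dir).resolve(), (Path(profile_dir) / "chrome").resolve()]

def broker_open(requested, roots):
    """Parent-side check on a content-process read request: canonicalise the
    path (resolving '..' and symlinks) and open it read-only only if its real
    location sits inside a permitted root. The descriptor, not the path, is
    what would be sent over IPC, so the content process opens nothing itself."""
    real = Path(requested).resolve()
    if not any(real == root or root in real.parents for root in roots):
        raise PermissionError(f"refusing content-process read of {requested}")
    return os.open(real, os.O_RDONLY)

def demo():
    """Builds a constructed directory layout under a temp dir and returns,
    per request, whether the broker granted it."""
    tmp = Path(tempfile.mkdtemp())
    install, profile, home = tmp / "install", tmp / "profile", tmp / "home"
    for d in (install, profile / "chrome", home):
        d.mkdir(parents=True)
    (install / "omni.ja").write_text("install data")
    (profile / "chrome" / "userChrome.css").write_text("/* css */")
    (home / "secret.txt").write_text("private")
    # symlink placed inside chrome/ but pointing outside it
    (profile / "chrome" / "link.css").symlink_to(home / "secret.txt")
    roots = allowed_roots(install, profile)
    requests = {
        "install_file": install / "omni.ja",
        "chrome_file": profile / "chrome" / "userChrome.css",
        "home_file": home / "secret.txt",
        "dotdot_path": profile / "chrome" / ".." / ".." / "home" / "secret.txt",
        "symlink_out": profile / "chrome" / "link.css",
    }
    results = {}
    for name, target in requests.items():
        try:
            os.close(broker_open(target, roots))
            results[name] = True
        except PermissionError:
            results[name] = False
    return results
```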