gecko-dev/security/sandbox/linux
Jed Davis c5a7acdf32 Bug 1439057 - Tighten /dev/shm access in Linux content sandbox policy. r=froydnj,gcp
This patch uses the shared memory name prefixes introduced in bug 1447867
to prevent access to /dev/shm files of other applications or other
processes within the same browser instance.

When a shared memory implementation that doesn't use shm_open is available
(specifically, the memfd_create support to be added in bug 1440203),
/dev/shm access is completely denied.

MozReview-Commit-ID: L2ylG5KrXTU

--HG--
extra : rebase_source : ca1deece6117e843d691a13fff05bd0f97ec0408
2018-04-12 23:48:16 -06:00
broker Bug 1439057 - Tighten /dev/shm access in Linux content sandbox policy. r=froydnj,gcp 2018-04-12 23:48:16 -06:00
glue Bug 1435483 part 16. Switch to using dom::Exception, not nsIException, in C++ code. r=qdot 2018-02-05 16:34:05 -05:00
gtest Bug 1401062 - Delete the old namespace/chroot code and reorganize sandbox init. r=gcp 2017-08-31 20:38:25 -06:00
interfaces
launch Bug 1452509 - Make -DMOZ_ALSA global and prune duplicate -DMOZ_PULSEAUDIO. r=froydnj 2018-03-19 02:13:04 +00:00
reporter Bug 1328896 - Restrict fcntl() in sandboxed content processes. r=gcp 2017-07-24 17:33:07 -06:00
LinuxSched.h
Sandbox.cpp Bug 1434392 - Don't preload libmozsandbox in grandchild processes, only the sandboxed children themselves. r=gcp 2018-03-07 18:55:20 -07:00
Sandbox.h Bug 1126437 - Reorganize content sandbox params extracted from libxul APIs. r=gcp 2018-01-23 22:35:44 -07:00
SandboxBrokerClient.cpp Bug 1434711 - WebGL causes a crash with the AMDGPU-PRO video driver. r=jld 2018-03-29 14:04:46 +02:00
SandboxBrokerClient.h Bug 1440206 - Allow brokered access to a subset of connect() in the Linux content sandbox. r=gcp 2018-03-09 19:31:23 -07:00
SandboxChrootProto.h Bug 1401062 - Create Linux child processes with clone() for namespace/chroot sandboxing. r=gcp 2017-10-06 17:16:41 -06:00
SandboxFilter.cpp Bug 1445003 - Detect RenderDoc and adjust the sandbox policy so it can work. r=gcp 2018-03-12 20:21:08 -06:00
SandboxFilter.h Bug 1126437 - Reorganize content sandbox params extracted from libxul APIs. r=gcp 2018-01-23 22:35:44 -07:00
SandboxFilterUtil.cpp Bug 1425274 - Filter socketpair() in content sandbox on 32-bit x86 with new-enough kernels. r=gcp 2018-01-29 17:36:06 -07:00
SandboxFilterUtil.h Bug 1425274 - Filter socketpair() in content sandbox on 32-bit x86 with new-enough kernels. r=gcp 2018-01-29 17:36:06 -07:00
SandboxHooks.cpp Bug 1438401 - Quietly fail shmget() in sandboxed content processes. r=gcp 2018-02-27 21:30:08 -07:00
SandboxInfo.cpp Bug 1434528 - Adjust sandbox feature detection to deal with Ubuntu guest accounts. r=gcp 2018-02-08 17:46:42 -07:00
SandboxInfo.h Backed out 1 changesets (bug 1365257) for failing gl in \build\build\src\obj-firefox\dist\include\mozilla/ServoStyleSet.h:97 r=backout on a CLOSED TREE 2017-11-10 19:23:58 +02:00
SandboxInternal.h
SandboxLogging.cpp
SandboxLogging.h
SandboxOpenedFiles.cpp
SandboxOpenedFiles.h
SandboxReporterClient.cpp Bug 1401062 - Avoid doing sandbox-related things to unsandboxed child processes. r=gcp 2018-01-09 19:54:56 -07:00
SandboxReporterClient.h Bug 1401062 - Avoid doing sandbox-related things to unsandboxed child processes. r=gcp 2018-01-09 19:54:56 -07:00
moz.build Bug 1452509 - Make -DMOZ_ALSA global and prune duplicate -DMOZ_PULSEAUDIO. r=froydnj 2018-03-19 02:13:04 +00:00