Hi dev-platform,

On behalf of the Runtime Content Isolation (aka sandboxing) team, I'm delighted to announce that starting later this week, our macOS and Windows nightly builds will prohibit read access to most of the filesystem in the content process!

What does this mean for you? First and foremost, a more secure browser! Second, it means that if you see bugs, please report them; our goal is to put this on the trains for 56! If you run into anything, please file it as a blocker for https://bugzilla.mozilla.org/show_bug.cgi?id=1377522 .

Finally, it means that in code you're writing, you should not expect to be able to read from the filesystem in the content process -- with the exception of inside the .app bundle, or in the chrome/ subdirectory of the profile directory. If you need access to a file in content, you should plan on remoting that to the parent process. When designing these APIs, please be careful to ensure the parent process is able to perform appropriate permissions checks such that the IPC mechanism isn't able to bypass the sandbox's goal of preventing a malicious content process from accessing the entire file system.

This represents the culmination of a lot of work by a lot of folks, both on our team and on many other teams who helped out with refactoring their code -- thank you! We're looking forward to also shipping this for Linux soon.

Cheers,
Alex

_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
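The brokering pattern the message asks for (content process requests a file, parent process checks the request against the two permitted locations and only then opens it), as an added illustration that is not Gecko's own code. The profile and bundle paths, the message shape, and the allow-list are constructed assumptions for the demo; the point is that the parent canonicalizes the requested path before comparing it with the allowed roots, so `..` segments, symlinks that exist, and look-alike prefixes such as `chrome-extra/` cannot widen what the content process can read.

```python
import posixpath

# Constructed demo locations (assumptions, not real Firefox paths).
PROFILE_DIR = "/sandbox-demo/profile"
APP_BUNDLE = "/sandbox-demo/Firefox.app"

# The only roots a content process may read, mirroring the announcement:
# the .app bundle and the chrome/ subdirectory of the profile.
ALLOWED_READ_ROOTS = (posixpath.join(PROFILE_DIR, "chrome"), APP_BUNDLE)


def _canonical(path):
    # realpath collapses "." and ".." and follows any symlink that exists
    # on disk; for components that do not exist it still normalizes
    # lexically, so the demo works without touching the filesystem.
    return posixpath.realpath(path)


def is_read_allowed(requested_path, roots=ALLOWED_READ_ROOTS):
    """True only if the canonical form of requested_path lies inside one of roots."""
    if not posixpath.isabs(requested_path):
        # A relative path would be resolved against the parent's cwd,
        # which is not something the content process should control.
        return False
    target = _canonical(requested_path)
    for root in roots:
        root_real = _canonical(root)
        # commonpath works on whole components, so "/p/chrome-extra"
        # does NOT match the root "/p/chrome" (a plain startswith would).
        if posixpath.commonpath([root_real, target]) == root_real:
            return True
    return False


def handle_read_request(message, roots=ALLOWED_READ_ROOTS):
    """Parent-side handler for a hypothetical {"op": "read", "path": ...} IPC message.

    Returns a decision dict; a real broker would open the file here (in the
    parent) and hand the bytes or descriptor back over IPC, never the path check
    alone, so the content process cannot open anything itself.
    """
    if message.get("op") != "read" or not isinstance(message.get("path"), str):
        return {"allowed": False, "path": None, "reason": "malformed request"}
    requested = message["path"]
    if not is_read_allowed(requested, roots):
        return {"allowed": False, "path": None,
                "reason": "outside permitted roots"}
    return {"allowed": True, "path": _canonical(requested), "reason": "ok"}


if __name__ == "__main__":
    # Constructed sample requests a content process might send.
    samples = [
        {"op": "read", "path": PROFILE_DIR + "/chrome/userChrome.css"},
        {"op": "read", "path": PROFILE_DIR + "/chrome/../prefs.js"},
        {"op": "read", "path": PROFILE_DIR + "/chrome-extra/evil.css"},
        {"op": "read", "path": APP_BUNDLE + "/Contents/Resources/omni.ja"},
        {"op": "read", "path": "chrome/userChrome.css"},
        {"op": "read", "path": "/sandbox-demo/home/user/secret.txt"},
    ]
    for msg in samples:
        print(msg["path"], "->", handle_read_request(msg))
```

Only the parent ever opens the file, and it opens the canonical path it just checked, which is the property the announcement asks API authors to preserve: the IPC surface must not become a way for a compromised content process to read what the sandbox denies it directly.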