There are some APIs able to read files in the content process using
nsFileInputStream: FileReader is one of them.
The file is opened in the parent process (because of a FilePicker or the
Entries API), and the file descriptor is sent to the content process, where
the reading happens.
Is this supported yet?

On Fri, Jul 21, 2017 at 3:44 PM, <bo...@mozilla.com> wrote:

> As a follow-up to this, tomorrow's (2017-07-22) Nightly will have this
> enabled for the Windows content process sandbox as well.
>
> On Windows this removes access that the User gains via their own SID.
> So generally things under their home directory (C:\Users\<username>\).
> With exceptions for the Firefox installation directory and the chrome
> directory in the profile.
>
> There are a few other restrictions included as well, for example reading
> and writing to the clipboard.
>
> If you hit any issues on Windows after tomorrow that disappear when you
> set the pref security.sandbox.content.level to 2 or lower, please file a
> bug to block https://bugzilla.mozilla.org/show_bug.cgi?id=1366697.
>
> Cheers,
> Bob
>
>
> On Thursday, 6 July 2017 15:07:50 UTC+1, Alex Gaynor  wrote:
> > Hi dev-platform,
> >
> > On behalf of the Runtime Content Isolation (aka sandboxing) team, I'm
> > delighted to announce that starting later this week, our macOS and
> > Windows nightly builds will prohibit read access to most of the
> > filesystem in the content process!
> >
> > What does this mean for you? First and foremost, a more secure browser!
> > Second, it means that if you see bugs, please report them; our goal is
> > to put this on the trains for 56! If you run into anything, please file
> > it as a blocker for https://bugzilla.mozilla.org/show_bug.cgi?id=1377522 .
> >
> > Finally, it means that in code you're writing, you should not expect to
> > be able to read from the filesystem in the content process -- with the
> > exception of inside the .app bundle, or in the chrome/ subdirectory of
> > the profile directory.
> >
> > If you need access to a file in content, you should plan on remoting
> > that to the parent process. When designing these APIs, please be careful
> > to ensure the parent process is able to perform appropriate permissions
> > checks such that the IPC mechanism isn't able to bypass the sandbox's
> > goal of preventing a malicious content process from accessing the entire
> > file system.
> >
> > This represents the culmination of a lot of work by a lot of folks, both
> > on our team and on many other teams who helped out with refactoring
> > their code -- thank you!
> >
> > We're looking forward to also shipping this for Linux soon.
> >
> > Cheers,
> > Alex
>
> _______________________________________________
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
>
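The remoting pattern Alex describes, as an added illustration that is not code from the thread or from Firefox: a minimal Unix broker in which the parent role canonicalizes the requested path, opens it read-only only if it lies under a constructed allow-list root (/tmp), and hands the descriptor to the content role over a socketpair with SCM_RIGHTS, so the content side reads a file it never opened. Both roles run in one process here for brevity; in a real browser they are separate processes, and the policy check is the part the IPC layer must not let content bypass.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>
#define ALLOWED_DIR "/tmp" /* constructed policy: the broker opens files only below here */

/* Parent-side check on canonical paths, so ".." and symlinks cannot escape the root. */
int broker_path_allowed(const char *path) {
    char real[PATH_MAX], base[PATH_MAX];
    if (!realpath(path, real) || !realpath(ALLOWED_DIR, base)) return 0;
    size_t n = strlen(base);
    return strncmp(real, base, n) == 0 && real[n] == '/';
}
/* Pass (sending=1) or receive one descriptor over a Unix socket via SCM_RIGHTS. */
static int xfer_fd(int sock, int fd, int sending) {
    char byte = 0, buf[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { &byte, 1 }; struct msghdr msg = { 0 };
    memset(buf, 0, sizeof buf); msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = buf; msg.msg_controllen = sizeof buf;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (sending) {
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS; c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
        return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
    }
    if (recvmsg(sock, &msg, 0) != 1 || !(c = CMSG_FIRSTHDR(&msg)) || c->cmsg_type != SCM_RIGHTS)
        return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}
int make_sample(const char *path, const char *text) { /* writes a constructed input file */
    FILE *f = fopen(path, "w");
    return (f && fputs(text, f) >= 0) ? fclose(f) : -1;
}
/* Content role: reads only through the fd the broker hands back, never open() itself.
 * Returns the byte count read, or -1 when the broker refuses the path. */
int brokered_read_len(const char *path) {
    int sv[2], fd = -1, got = -1; char buf[256];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if (broker_path_allowed(path)) fd = open(path, O_RDONLY); /* broker: policy check, then open */
    if (fd >= 0 && xfer_fd(sv[0], fd, 1) == 0) got = xfer_fd(sv[1], -1, 0); /* content side receives */
    if (fd >= 0) close(fd); close(sv[0]); close(sv[1]);
    if (got < 0) return -1;
    int n = (int)read(got, buf, sizeof buf); close(got);
    return n;
}
```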