Hi all, Small FYI: With bug 1405088 which landed yesterday, the macOS content process sandbox no longer allows writing to files _anywhere_ on disk. Huge thanks to the folks who helped out with landing the blockers!
Going forward if you need the content process to write something to disk, the appropriate way to do this is to use IPC to request a file descriptor/HANDLE from the parent process. This restriction will eventually apply to all platforms, so even if you're working on a Windows or Linux only feature, it's better to just plan for this restriction. For folks working on IPC, https://wiki.mozilla.org/Security/Sandbox/IPCguide contains general guidance on how to write secure IPC methods to help protect us against sandbox escapes. Thanks! Alex _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
