On 06-07-17 16:07, Alex Gaynor wrote:
> Hi dev-platform,
>
> On behalf of the Runtime Content Isolation (aka sandboxing) team, I'm
> delighted
> to announce that starting later this week, our macOS and Windows nightly
> builds
> will prohibit read access to most of the filesystem in the content
On Fri, Jul 21, 2017 at 7:48 AM, Andrea Marchesini
wrote:
> There are some APIs able to read files in the content process using
> nsFileInputStream: FileReader is one of them.
> The file is opened on the parent process (because of a FilePicker, or
> Entries API), the
There are some APIs able to read files in the content process using
nsFileInputStream: FileReader is one of them.
The file is opened on the parent process (because of a FilePicker, or
Entries API), the file descriptor is sent to the content process where the
reading happens.
Is this supported yet?
As a follow-up to this, tomorrow's (2017-07-22) Nightly will have this enabled
for the Windows content process sandbox as well.
On Windows this removes access that the User gains via their own SID.
So generally things under their home directory (C:\Users\\).
With exceptions for the Firefox
Hooray, this is great news!
On 06.07.2017 16:07, Alex Gaynor wrote:
> Hi dev-platform,
>
> On behalf of the Runtime Content Isolation (aka sandboxing) team, I'm
> delighted
> to announce that starting later this week, our macOS and Windows nightly
> builds
> will prohibit read access to most of
5 matches
Mail list logo