I've been assuming that in the network service, we don't want to allow reading from arbitrary files outside the profile directory. I just want to confirm this is the case. I've been planning how to implement upload support with this limitation, but Tom just mentioned restricting writes at the last meeting, so wanted to make sure I wasn't off base.

Thanks!
You received this message because you are subscribed to the Google Groups "network-service-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to network-service-dev+unsub...@chromium.org.
To post to this group, send email to network-service-dev@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/network-service-dev/CAEK7mvohXx%3DNuEeTDtqWa%3DL7r1NspatdRVxcDJPDU59eO5s4%3DQ%40mail.gmail.com.
+security-dev for wider visibility
On Thu, Dec 7, 2017 at 11:23 AM, 'Matt Menke' via network-service-dev <network-service-dev@chromium.org> wrote:
I've been assuming that in the network service, we don't want to allow reading from arbitrary files outside the profile directory. I just want to confirm this is the case. I've been planning how to implement upload support with this limitation, but Tom just mentioned restricting writes at the last meeting, so wanted to make sure I wasn't off base.

Thanks!
Yes, for uploads, the "right" to upload a file comes from a file selection dialog box in the browser process, which should open the file and pass the FD where needed.
On Thu, Dec 7, 2017 at 11:35 AM, Chris Palmer <pal...@chromium.org> wrote:
+security-dev for wider visibility
If it's possible to restrict it to just cookies file & cache subdirectories that'd be better than all of profile.
No argument there - In particular, I think restricting writes to only certain files in the profile directory is a must.
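An added example, not from the thread or from Chromium's code, of the FD-passing approach described above: a broker opens the file read-only and sends the descriptor over a Unix domain socket with SCM_RIGHTS, so the receiving side can read the upload but cannot write to it or name any other path. The names `send_fd`, `recv_fd` and `broker_demo`, the temp file, and the single-process socketpair standing in for the browser and network-service processes are assumptions.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

typedef union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } fd_cmsg;

/* Broker (browser) side: pass an already-open descriptor via SCM_RIGHTS. */
static int send_fd(int sock, int fd) {
    char byte = 'F'; fd_cmsg u = {0};
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Sandboxed (network service) side: receive the descriptor, never a path. */
static int recv_fd(int sock) {
    char byte; int fd = -1; fd_cmsg u = {0};
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (c && c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
        memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;   /* -1 when the message carried no descriptor */
}

/* Constructed demo: 0 if the passed FD reads the file but cannot write to it. */
int broker_demo(void) {
    char path[] = "/tmp/upload_demo_XXXXXX", buf[16] = {0};
    int sv[2], tmp = mkstemp(path);            /* constructed sample upload */
    if (tmp < 0 || write(tmp, "upload-body", 11) != 11) return -1;
    int ro = open(path, O_RDONLY);             /* broker opens the selected file */
    close(tmp); unlink(path);
    if (ro < 0 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) || send_fd(sv[0], ro)) return -1;
    int got = recv_fd(sv[1]);                  /* network-service end */
    int ok = got >= 0 && read(got, buf, 15) == 11 && !strcmp(buf, "upload-body")
             && write(got, "x", 1) == -1 && errno == EBADF;
    close(ro); close(got); close(sv[0]); close(sv[1]);
    return ok ? 0 : -1;
}
int main(void) { return broker_demo() == 0 ? 0 : 1; }
```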