New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 717264 link

Starred by 1 user
Status: WontFix
Owner:
ejcaruso@chromium.org
Last visit 15 days ago
Closed: May 2017
Cc:
kerrnel@chromium.org
wfh@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug-Security



Sign in to add a comment

Defer loading PEM key until imageloader is sandboxed

Project Member Reported by kerrnel@chromium.org, May 1 2017 
ImageLoader reads the PEM key from the rootfs before it is sandboxed, which is a potential security risk. The PEM key comes from the signed rootfs, so the risk is low, but we should really just defer reading the key until it is sandboxed.

Comment 1 by kerrnel@chromium.org, May 1 2017

Labels: Restrict-View-SecurityTeam

Comment 2 by kerrnel@chromium.org, May 1 2017

Labels: -Type-Bug -m-560 M-60 Type-Bug-Security

Comment 3 by kerrnel@chromium.org, May 1 2017

Labels: Security_Impact-Head Security_Severity-Low

Comment 4 by palmer@chromium.org, May 1 2017

Components: Internals>Core Internals>Sandbox

Comment 5 by ejcaruso@chromium.org, May 12 2017

Status: WontFix (was: Assigned)
This bug was superseded by  bug #718184 .
Project Member

Comment 6 by sheriffbot@chromium.org, Aug 19 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment