On Linux, an external app _can_ read the pipes or sockets, via the
/proc/$mozillapid/fd/* mechanism I described earlier. There are almost
certainly similar mechanisms on other platforms, since debuggers provide such
facilities.
I'm all for mitigating the damage buggy apps can do by accident, but protection
against "mischief" on the part of a malicious helper-app author is something
we're not going to be able to provide, and I'd rather we spent the effort elsewhere.
Closing file descriptors is a correctness issue, not a security/protection one.
On Linux, an external app _can_ read the pipes or sockets, via the mozillapid/ fd/* mechanism I described earlier. There are almost
/proc/$
certainly similar mechanisms on other platforms, since debuggers provide such
facilities.
I'm all for mitigating the damage buggy apps can do by accident, but protection
against "mischief" on the part of a malicious helper-app author is something
we're not going to be able to provide, and I'd rather we spent the effort elsewhere.
Closing file descriptors is a correctness issue, not a security/protection one.