Security/Sandbox/2014-11-20
From MozillaWiki
Standup/Status
Windows
- Content Sandboxing
- bug 928044 - Still waiting on reviews to land the weak content sandbox
- GMP/EME Sandboxing
- Working on tightening the GMP sandbox, in particular bug 1027902, but that requires bug 1041775.
- bug 1098186 - Adobe say they have used another way to get entropy and no longer need \Dev\KsecDD
- Sent an email to Justin Schuh over the GMP Security review - bug 1066855.
Linux/B2G
- Content Sandboxing
- Needs some work. Issues found with a try run: audio drivers, DBus?, …
- (Crash reporting on x86 desktop is not as nice as I'm used to on B2G.)
- GMP/EME Sandboxing
- Sandbox move to plugin-container: ready for review. bug 1101170
- Other Linux work
- Next up: scary change to Linux sandbox startup. bug 1088387
Mac
- GMP/EME Sandboxing
- Mostly waiting for a CDM binary from Adobe to test with. Realistically we don't expect that before 2015.
Chromium
- bug 1041775 - Landed update (to 25/7/14) of Chromium sandbox code, but just backed out because of Windows PGO bustage.
EME
- cpearce has ClearKey CDM working with MSE in Nightly.
- Windows node id landed
- extending ClearKey CDM to use WMF platform decoders
- Edwin's bug 1075199
- have automated gtests
- cpearce's out-of-tree plugin is not up to EME spec, but is useful for CDM partners because it is a standalone build.
- Someone on the media team (other than Edwin) can extend ClearKey CDM to support OS X decoding APIs. OS X native APIs are not that useful to test because Adobe bundles their own SW decoders for OS X and Linux.
- Do mochitests download the OpenH264 plugin?
- No. The H.264 mochitest uses the "fake" plugin in dom/media/gmp-plugin (which isn't actually an H.264 implementation; it's just to test that the negotiation/infrastructure works). It's also marked as being an EME CDM, which is why it fails on Linux if sandboxing isn't supported; the real OpenH264 works fine.
Round Table
- The next Pwn2Own is 2015-03-18 and will probably test Firefox 36. Are there any sandboxing related changes, independent of e10s, that we want? The Nightly 36 merge date is end of next week.
- No