Security/Sandbox/2016-08-18

From MozillaWiki
Jump to: navigation, search

« previous week | index | next week »

bobowen

  • bug 1287426 - Update security/sandbox/chromium/ to Chromium stable channel version 49.0.2623.112 - problem with USER_NON_ADMIN access token level - uploaded a patch which makes the USER_NON_ADMIN token a restricted one with the same access, see what aklotz thinks of this work-around.
  • bug 1259601 - Add sandbox status to about:support (added security.sandbox.content.level for all OS) - on inbound.
  • bug 1259087 - Add Windows sandboxing information to Telemetry (added security.sandbox.content.level to environment for all OS) - reviewed waiting for feedback from bsmedberg for data collection review.

haik

  • bug 1228022 - Trigger print jobs from the parent instead of the child for OSX - it's working, but font nametable part not done yet
  • bug 1290619 - Content sandbox rules should use actual profile directory, not Profiles/*/ regex's - in code review
  • bug 1286480 - [10.12] Widevine CDM always crashes on Amazon since upgrade to macOS Sierra - fixed on nightly and aurora

aklotz

  • Re bug 1287426 - New COM MainThreadRuntime stuff is messing with sandbox impersonation token. I've asked Bob to experiment a bit more with how this interaction works.

gcp

  • bug 1296309 Remove unused syscalls from the seccomp whitelist
  • bug 1289718 - Enforce absolute paths for file access. r?tedd

Roundtable