Security/Sandbox/2016-09-01

« previous week | index | next week »

haik

• bug 1228022 - Trigger print jobs from the parent instead of the child for OSX - working on code review feedback
• bug 1290619 - Content sandbox rules should use actual profile directory, not Profiles/*/ regex's - addressing xpcshell-test breakage, out for re-review
• bug 1299329 - Remove printing-related privileges from content process sandbox - testing with things that sound print-related removed

bobowen

• bug 1287426 - Update security/sandbox/chromium/ to Chromium stable channel version 49.0.2623.112 - problem with USER_NON_ADMIN access token level - still have issue with USER_NON_ADMIN access level token.
• bug 1259601 - Add sandbox status to about:support (added security.sandbox.content.level for all OS) - landed, waiting for aurora patch review.
• bug 1259087 - Add Windows sandboxing information to Telemetry (added security.sandbox.content.level to environment for all OS) - on inbound.

cr

• Looking into bug 922481 (#c7)
  • http://searchfox.org/mozilla-central/source/editor/libeditor/HTMLEditorDataTransfer.cpp
    • uses nsContentUtils::SlurpFileToString
  • http://searchfox.org/mozilla-central/source/dom/base/nsSyncLoadService.cpp
    • uses Open2 and AsyncOpen2 on nsCOMPtr<nsIInputStream> objects
  • http://searchfox.org/mozilla-central/source/dom/media/MediaResource.cpp
    • uses Open2 and AsyncOpen2 on mChannel Media Stream objects. Legit?
    • works with nsCOMPtr<nsIFileChannel> in FileMediaResource::Open
  • http://searchfox.org/mozilla-central/source/dom/xbl/nsXBLService.cpp
    • Uses Open2 and AsyncOpen2 in nsXBLService::FetchBindingDocument
  • http://searchfox.org/mozilla-central/source/extensions/cookie/nsPermissionManager.cpp
    • uses nsCOMPtr<nsIFile> in nsPermissionManager::Import to read file
    • uses Open2 on nsCOMPtr<nsIChannel> object in nsPermissionManager::ImportDefaults
  • http://searchfox.org/mozilla-central/source/extensions/pref/autoconfig/src/nsReadConfig.cpp
    • uses Open2 on nsCOMPtr<nsIChannel> object in nsReadConfig::openAndEvaluateJSFile
  • http://searchfox.org/mozilla-central/source/intl/hyphenation/glue/hnjstdio.cpp
    • uses Open2 on nsCOMPtr<nsIChannel> object in hnjFopen
  • http://searchfox.org/mozilla-central/source/intl/strres/nsStringBundle.cpp
    • uses Open2 on nsCOMPtr<nsIChannel> object in nsStringBundle::LoadProperties
  • http://searchfox.org/mozilla-central/source/intl/strres/nsStringBundleTextOverride.cpp
    • uses Open2 in nsStringBundleTextOverride::Init

(more to come)

gcp

• [Bug 1289718] Construct a seccomp-bpf policy for file access on Linux Desktop
• Adding syscalls to file broker
• tried removing umask (fail, PA), wait4 (ask jld), times (ok)

jld

• Filed bug 1299581 on the mysterious wait4 thing
• Has been poking at file broker patches…

pauljt

• Mini-ww for my team next week
  • Agenda: https://public.etherpad-mozilla.org/p/sandboxing-security-ww
    • Happy to run remote sessions if people want to be involved
• Working through gecko architecture review
  • Meeting with Graphics (dvander) today to continue discussion, will bring result to thread on boxing@
  • Continuing Sandbox Security Model: https://docs.google.com/document/d/1TiU9iXZT05hljOx2f-eUb_RB5Gwor01unCYSEb7xgjs/edit#

handyman

• bug 1251202 - Implement Default Audio Device Notifications for NPAPI plugins on Windows.
  • Started.
  • Haven't learned yet how to test this.
• bug 1241250 - Prezi frozen at loading on fresh profile with latest Nightly 64 bits
  • Issue is network communication
• bug 1171393 - Remove requirement for TEMP dir write access for Windows NPAPI process sandbox
  • Tried the tests locally with 6/4/2015 repo to see why build fails. A quick look was unable to figure what broke.
  • I'm done trying to be thorough. Believe issue is resolved. Will discuss and close the bug.
• bug 1299611 - Adding policy rules to the Windows sandbox can cause a buffer overrun
  • Didn't realize this code was from upstream. Will report issue with patch to Chromium.

spohl

• bug 1202910 - Content sandboxing issues due to NPAPI plug-ins.
  • Read up on NPN_PostURLNotify and NPN_PostURL to understand what needs to be done here.
  • need-info'd jld to confirm my understanding of what needs to be done

Roundtable

• Potential plan for security.sandbox.content.level after write access is removed:
  • Nightly right now has level=1, no ~/Library read/write access, no Profile dir read/write access (except /extensions, /weave)
  • Proposed changes:
    • level = 1: no home write access
    • level = 2: no home write access + no ~/Library read or write + no Profile dir read or write (excluding /extensions)
    • Nightly would be set to 2. While level=1 could ride the trains.
    • Changes definition of levels over time.
    • If there is a Mac problem with remote printing, would need to set print_via_parent=false, level=0.