Security/Sandbox/2016-09-29
From MozillaWiki
« previous week | index | next week »
Contents
haik
- bug 1299329 - Remove printing-related privileges from content process sandbox - landed
- bug 1284588 - OS X: Disable content process write access to user files in the home directory - landed
bobowen
- bug 1147911 - Use a separate content process for file:// URLs
- Good progress - fixed issues with view-source and forward / back navigation, which was partly down to an existing bug in docshell history code.
- Still working on problem with links from file:// to web content, because it allocates a new tab upfront in the child process.
- bug 1273372 - [EME] Crash in mozilla::gmp::GMPChild::ProcessingError
- Further investigation here, probably need to add new logging to see if any new dependencies are trying to be loaded.
- Chromium code
- Gone through changes in Chromium code for sandbox/ and base/ up to latest stable from our version in Fx51.
- Corresponded with Chromium sandboxing team and requested security bug access on their advice.
jld
- bug 1303813 — Allow MADV_FREE for Linux GMP; fix Widevine crash from mozjemalloc on newer build hosts.
- bug 1304220 — Allow times(2) for Linux GMP; fix Widevine crash when running on older glibc.
- bug 1289718 (Linux desktop file brokering): finally done reviewing.
gcp
- bug 1289718 Construct a seccomp-bpf policy for file access on Linux Desktop
- Ready to land, but have 1 or 2 patches I want to add
handyman
- bug 1241250 Prezi frozen at loading on fresh profile with latest Nightly 64 bits
- Prezi still unable to reproduce on their end.
- bug 1269114 [x86_64] Last picked directory not saved when using Flash Player
- Landed
- bug 1284897 64 bit Flash Player has storage permissions issues
- Brokering GetOpenFileName/GetSaveFileName to run on parent
- Longer term discussion of Windows content proc file access logging
roundtable
- Unify sandbox verbose-logging controls across platforms?
- Mac: bug 1306239 - 'Add pref to toggle OS X sandbox violation debugging, default off'
- Windows has an env var: MOZ_WIN_SANDBOX_LOGGING
- Linux uses MOZ_SANDBOX_VERBOSE; see http://searchfox.org/mozilla-central/search?q=symbol:E_%3CT_mozilla%3A%3ASandboxInfo%3A%3AFlags%3E_kVerbose&redirect=false
- Security implications of file:// URL page framing web content.
- XP/Vista EOL move to 52 ESR approved by Mayo