Security/Sandbox/2016-10-06

From MozillaWiki
Jump to: navigation, search

« previous week | index | next week »

haik

  • bug 1307573 - Remove unused system.sb mach-lookups from OS X content sandbox
  • bug 1307282 - Remove global file-read-metadata rule and unused macros from OS X content sandbox
  • bug 1306508 - Whitelist the OS X $TMPDIR and reduce content process write access further

Steven's SandboxMirror kernel extension File system test

bobowen

  • bug 1147911 - Use a separate content process for file:// URLs
    • Have the separate web content browser opening from file content, it's not navigating yet, currently debugging.
  • bug 1273372 - [EME] Crash in mozilla::gmp::GMPChild::ProcessingError
    • Sandbox logging changed to try and help with this bug 1307375
  • bug 1271890 - Crash in base::win::PEImage::GetProcAddress
    • Looks like chromium update might have fixed this \o/.
  • Chromium code
    • Waiting on security team to decide who will take on the access.

gcp

  • some iterations on broker patches for 32-bit bustage
  • non-sandboxing work

handyman

jld

  • The last of the broker patches is reviewed. (gcp) I have news for you...
  • bug 1302891 (review) — allow mremap; needed for CFI
  • bug 1288997 (review) — Blob IPC SendStream use-after-ActorDestroy bug

Roundtable

  • Android?