Security/Sandbox/2017-05-18
From MozillaWiki
« previous week | index | next week »
Contents
gcp
- bug 1308400 - Construct a file broker policy for default-deny read access on the Linux Desktop
- Some progress on try orange
- jld review in. Serious remarks, but approach seems still ok.
- some nasty issues like memory reporter (about:memory) wanting to read /proc/!self/statm smaps
haik
- bug 1334550 - Proxy moz-extension protocol requests to the parent process
- Addressed most of Honza's feedback
- Working on follow-up patch to open file off the main thread in parent, debugging leak
- Kris got some time and should have feedback today
- bug 1350642 - Remove the PBrowser::Msg_GetTabCount sync IPC
- Testing a fix, need to root cause failure, working on minimal test case
bobowen
- bug 1351358 - Can't submit form to http(s) URL using POST method from a file:// page
- On inbound.
- bug 1175267 - [e10s] about:addons page turns blank when opening XPI file
- On inbound.
- bug 1336657 - Firefox 51.0.1 prints only blank pages
- Landed and uplifted to Beta.
- bug 1339105 - Implement Windows Level 3 content process sandbox
- Green on try, need to upload patches and get review.
- bug 1361336 - Audio output device cannot be changed - nominated for triage.
- bug 1352192 - Crash in mozilla::SandboxBroker::SetSecurityLevelForContentProcess with "SetIntegrityLevel should never fail, what happened?"
- rstrong has a fix that is nearly ready for this.
- bug 1358497 - Firefox 52.1 ESR has stopped working exception code e06d7363
- Sounds similar to other issues, need to investigate.
- bug 1364879 - Local file opened from private window does not open in private window
- Have a fix for this, but also noticed that we don't honour the container/userContextId, so I need to look further.
jld
- Finally managed to do some reviewing on the symlink broker thing
- general reverse-normalize is hard
- fixing the modified realpath is less hard
- inotify
- Takes filesystem paths, thus bad.
- GNOME MIME stuff — maybe just testing whether external protocol handler exists?
- (Also FF doesn't offer a system-installed Thunderbird as a mailto: handler, regardless, so ???)
- Seems to not break if soft failed
- So bug 1355273 might not need beta uplift? seems trivial enough that i'd do it?
- On the other hand, why not?
- Resolved: uplift it anyway
- Fun With Telemetry
- The bold-underline text over the histograms is actually a dropdown
- It's not one histogram per key, it's just four selectable histograms
- …unless you have one key, in which case bug 1365751.
- No surprises; everything is either fixed or has a bug already.
- WebRTC and the proxy info - bug 1325242
- Is (probably?) a DBus user, with dconf
- Not a problem yet, but may block network/socket isolation?
- Calls utime, with gconf — crashes on Nightly, may or may not do anything bad on beta/release
- But we have telemetry for this
- bug 1322784
- Is (probably?) a DBus user, with dconf
handyman
- bug 1363290 - Flash Mouse lock
- Handling reviews.
- Limit to fullscreen?
roundtable
- Could the NPAPI sandbox be running at level 3 now on Windows 64-bit?
- bug 1364496 - Get rid of all sync pref file saves
- Documentation — guidelines for new code in Gecko
- jld seems to have accidentally volunteered to at least start this