Security/Sandbox/2017-07-27
From MozillaWiki
haik
- Landed:
  - bug 1380690 - [Mac] Automatically determine the repo dir so that MOZ_DEVELOPER_REPO_DIR isn't needed
  - bug 1376496 - Follow-up fixes to moz-extension remoting support in bug 1334550
  - bug 1380156 - Loading temporary an unpacked extension breaks extension page's CSS in OOP Extensions
  - bug 1383841 - [Mac] Disable sandbox violation logging by default
- Perf-related
  - bug 1384153 - Artifact builds broken crashing content tabs on latest autoland to m-c merge
  - bug 1384209 - [Mac] Remove com.apple.coreservices.appleevents from the content process sandbox
- Researching IOKit use
Alex_Gaynor
- bug 1383818 - Remove access to ocspd mach service
- bug 1384677 - Remove access to cookied mach service
- bug 1384941 - Remove access to mach services related to cameras
- bug 1382739, bug 1384224 - Hardlinks in the build process
- win32k
  - Scripts now in a real repo: https://github.com/alex/win32k-stuff
  - Working on instrumenting a test run
bobowen
- Landed:
  - bug 1383611 - Widevine CDM 984 x64 and x86 blocked by sandbox on Win10
  - bug 1364137 - Windows SDK directory not detected properly on 64-bit python
    - Should be able to move to requiring the Win10 SDK now, and so fix bug 1314801.
- bug 1384327 - Nightly & kaspersky antivirus cause a big issue at start-up
  - Looks like injected code is now failing in the content process and causing issues.
- bug 1369669 - Unable to preview files from google drive
  - Patch to resolve the child exe path before launching is on try (or at least I think it is).
- bug 1379951 - a11y crashes [@ GetProxiedAccessibleInSubtree ]
  - Couldn't reproduce this now, but I noticed that the pre-Beta report suggested it was down to Firefox being run from a symlink/junction point, so it might be the same issue as bug 1369669.
gcp
- Landed bug 1308400 - Construct a file broker policy for default-deny read access on the Linux Desktop
  - Some fallout: WebGL, userChrome.css
  - bug 1384483 - userContent.css gets blocked with sandbox level 3 on Linux
- Testing wrt MOZ_DEV_REPO_DIR and out-of-tree builds: looks like it's working fine, had some orange, but probably not from sandboxing
- Updated documentation
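Two of the items above come down to the same question: a default-deny read broker (bug 1308400) only lets the content process open paths that resolve to something on its allow-list, so a file outside the listed directories (userContent.css in the profile, bug 1384483) is refused, and a binary launched through a symlink or junction point (bug 1369669 / bug 1379951) is refused unless the path is canonicalised first. The checker below is an added example written for these notes, not Firefox's own sandbox broker code; the class, the allow-list rules, the in-memory symlink table and the sample paths are all constructed for illustration.

```python
import os.path

MAX_LINK_HOPS = 32  # mirrors the kernel's symlink-chasing limit (ELOOP)


class BrokerPolicy:
    """Toy default-deny read policy (hypothetical, not Firefox's broker).

    A read is permitted only when the canonical path is an allow-listed file
    or lies under an allow-listed directory.  Everything else is denied.
    """

    def __init__(self, symlinks=None):
        self.allowed_dirs = []      # directory prefixes, stored with a trailing "/"
        self.allowed_files = set()  # exact file paths
        # Constructed symlink table standing in for os.path.realpath(), so the
        # example runs offline and deterministically.
        self.symlinks = dict(symlinks or {})

    def add_dir(self, directory):
        self.allowed_dirs.append(os.path.normpath(directory).rstrip("/") + "/")

    def add_file(self, path):
        self.allowed_files.add(os.path.normpath(path))

    def canonical(self, path):
        """Collapse '..' segments and follow symlink prefixes, bounded by
        MAX_LINK_HOPS so a link cycle raises instead of spinning forever."""
        path = os.path.normpath(path)
        for _ in range(MAX_LINK_HOPS):
            for link, target in self.symlinks.items():
                if path == link or path.startswith(link + "/"):
                    path = os.path.normpath(target + path[len(link):])
                    break
            else:
                return path  # no symlink component left to resolve
        raise OSError("too many levels of symbolic links")

    def may_read(self, path):
        # The decision is made on the canonical path, never on the path the
        # client supplied: otherwise '..' or a symlink would bypass the list.
        resolved = self.canonical(path)
        if resolved in self.allowed_files:
            return True
        return any(resolved.startswith(d) for d in self.allowed_dirs)


def build_example_policy():
    """Constructed sample: install dir under /opt, reached via a symlink."""
    policy = BrokerPolicy(symlinks={"/usr/local/firefox": "/opt/firefox"})
    policy.add_dir("/opt/firefox")      # libraries, omni.ja, resources
    policy.add_dir("/usr/share/fonts")  # system fonts
    return policy


if __name__ == "__main__":
    p = build_example_policy()
    for sample in ("/opt/firefox/libxul.so",
                   "/usr/local/firefox/libxul.so",
                   "/opt/firefox/../../etc/passwd",
                   "/home/user/.mozilla/firefox/abc.default/chrome/userContent.css"):
        print(sample, "->", "allow" if p.may_read(sample) else "deny")
```

Adding the profile's userContent.css as an explicit file (add_file) is the shape of fix the fallout bug calls for; widening the allow-list to the whole profile directory would re-open reads of cookies and logins, which is exactly what default-deny is meant to prevent.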
jld
- Everything is broken.
- socketpair
  - SOCK_CLOEXEC: bug 1383888
  - bind() et al.
- The NIS thing: some Mesa drivers call getpwuid_r on getuid() to put the username in a shader cache dir
  - Can set MESA_GLSL_CACHE_DIR; need to file bug (see also bug 1380051)
- SysV (backed out)
  - ALSA broke again, because (1) no AC_DEFINE(MOZ_ALSA), and (2) it uses shm as well as semaphores
  - fglrx uses semaphores (& maybe also shm?)
    - Do I need to requisition a test machine with an AMD GPU? (what do you need to know?)
    - Should be easy enough to check for "Catalyst" (or probe libs with RTLD_NO_LOAD) and set a flag to allow shm
  - Mysterious graphics things where Cairo (maybe via our GTK stuff) talks directly to X and uses shm
    - (My unease about all the conditionals in that code is vindicated....)
    - Can't reproduce; #gfx had some reasonable-sounding suggestions but they didn't help.
    - Might need to ask karlt
- read restrictions
  - The DRI sysfs thing from yesterday (bug 1384718)
  - (Are we noticing a theme of GPU drivers causing problems?)
- ioctl et al.
  - Going for default-deny ioctl; found some surprises.
    - Side effect: FFMPEG log messages will probably stop using ANSI colors
    - bug 1384292 - "sctp_userspace_get_mtu_from_ifn is broken and useless on non-Windows platforms"
      - Media people filed upstream bug; might not be useless upstream, but definitely broken
- link/symlink/rename removal
  - Seems to work; merge conflicts with symlink magic, but fixed
  - Filed bug 1383888 when I noticed we'd forgotten readlinkat; needs to be part of the "read restrictions" deliverable.
- Small adjustments to the big syscall spreadsheet (https://docs.google.com/spreadsheets/d/12wk_5n5PDzgqXCjmCUnblsXw5QdR5gGYroBxtCrYVBU/edit)
  - This may not be the best way to visualize this information
  - (e.g., fussing over syscalls that are mostly harmless because there are a lot of them and each of them is a line, while ignoring the X11 socket, is... not ideal)
- Haven't been approached about Widevine v984 yet.
handyman
- bug 1382251 - Brokering https in NPAPI process
  - Made more generic. Brokers all calls through 1 IPDL method.
  - Both IPDL sides (client/server) are now automatic.
Round Table
- bug 1344776 - MOZ_LOG doesn't work for child processes because of sandboxing, other OS but Windows
- bug 1345046 - Create a low level API for logging that is sandbox friendly.
- VMP - new "verified media path" for the Widevine issue
  - Do we still need bug 1343283 before roll-out? Perhaps we should have it in 55, but it might be too late.
- Remove MOZ_DEV_REPO_DIR from the tree; ExtensionProtocolHandler dependency