Security/Sandbox/2017-09-14
bobowen
- bug 1385207 - Audio over RDP connections not working in 57
- Currently they're saying this should block, so we'd have to pull USER_LIMITED from 56, seems a bit late notice to decide this. Maybe we could add something to the release notes?
- bug 1397301 - Crash in sandbox::SharedMemIPCClient::DoCall
- Looks like it is something injecting threads into our process to load DLLs and screwing up the stack address alignment. Possible fix by using same blocking technique as 32-bit in BaseThreadInitThunk hooking. Mainly seemed to be triggered by 64-bit migration.
- bug 1314801 - Enable PROCESS_MITIGATION_IMAGE_LOAD_POLICY
- Landed.
- bug 1380609 - Make Win10 SDK (minimum v10.0.10586.0) required for building Firefox
- Landed.
- bug 1347867 - Crash in CrashReporter::OOPInit (Quick Heal Antivirus SCDETOUR.DLL)
- Not sandboxing but spent a fair bit of time diagnosing this, it's for the 64-bit migration.
- bug 1395952 - Improve telemetry for failed launch of Windows sandboxed process.
- Landed
- Some data coming in, highest offender so far seems to be down to the exe not being there.
Alex_Gaynor
- win32k syscall lockdown
- Attempted to improve performance of data collection, without much luck. Appears there's no way to disable printing to the windbg console (with the exception of a hack using .shell, however .shell's quoting rules are incompatible with breakpoints')
- Running some potentially interesting test suites under instrumentation -- still reviewing stacktraces to see what manual testing missed
gcp
- bug 1382323 Firefox 54 on Fedora 26 doesn't launch custom protocol handler
- bug 1399392 Don't hardcode .config etc, use XDG_* environment vars.
- bug 1396733 [flatpak] add /run/host/fonts to the sandbox whitelist
- bug 1396542 Firefox 57 audio fails on some Linux machines (really: Goobuntu)
- Some security bugs via critsmash and a privacy issue
jld
- bug 1363378 - Tab processes not killed on parent crash; turned out to be close-on-exec problem. Fixed.
- The big clone() thing:
- Removing ChildPrivileges
- Removing kUnexpectedThreads
- LaunchApp will take a LaunchOptions struct like upstream
- Which might mean that some of the sandboxing-related things can go there, and maybe GeckoChildProcessHost can be less terrifying?
- Spent days throwing stuff at Try for what turned out to be missing initializers
- (Which weren't missing before I had to fight the C++ stdlib, but anyway.)
- But now I know how to add extra stuff to the “timed out after 330 seconds thing”, like dumping everything's kernel stack via procfs
- tl;dr: Iff the uninitialized int was 0, a process would read stdin & the entire test run would get SIGTTIN and stop and time out
- I still have a bunch of bugs to file…
- Also somewhere in here I mentioned the fd inheritance race condition I commented about in bug 1259852 (and haven't filed bugs for yet)
- …which led into Mac using posix_spawn to do architecture selection on fat binaries
- …which we seem to use only for NPAPI, which might not be a problem now that it's only Flash?
- bug 1381653 - syscall telemetry in main-summary
- https://github.com/mozilla/telemetry-batch-view/pull/299 — there's a comment about how we're doing the telemetry wrong (?) that I need to make sense of
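An added illustration (not Mozilla code, and not taken from the bugs above) of the close-on-exec / fd-inheritance class of problem that bug 1363378 and the bug 1259852 race belong to. It assumes the usual mechanism: a child notices the parent is gone by seeing EOF on a shared channel, and any process exec'd while the channel's ends lacked FD_CLOEXEC inherits a copy that keeps the channel alive. `make_channel`, `child_sees_parent_death` and the `sleep` sibling are hypothetical names chosen for the example; Linux only.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <poll.h>
#include <signal.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if fd carries FD_CLOEXEC, 0 if it would survive an exec(), -1 on error. */
int fd_is_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    return flags < 0 ? -1 : (flags & FD_CLOEXEC) != 0;
}

/* Create the parent<->child channel. in_window stands in for another thread doing
 * fork()+exec() at the worst moment. atomic=1: SOCK_CLOEXEC is applied at creation,
 * so no exec'd process can ever inherit the ends. atomic=0: the flag is added with
 * fcntl() afterwards, and anything exec'd in between inherits both ends. */
int make_channel(int fds[2], int atomic, void (*in_window)(void)) {
    int type = SOCK_STREAM | (atomic ? SOCK_CLOEXEC : 0);
    if (socketpair(AF_UNIX, type, 0, fds) < 0) return -1;
    if (in_window) in_window();                 /* the race window */
    if (!atomic)
        for (int i = 0; i < 2; i++)
            if (fcntl(fds[i], F_SETFD, FD_CLOEXEC) < 0) return -1;
    return 0;
}

static pid_t sibling_pid = -1;
/* Launch an unrelated process (`sleep`); it keeps every non-CLOEXEC fd it was born with. */
static void spawn_sibling(void) {
    sibling_pid = fork();
    if (sibling_pid == 0) { execlp("sleep", "sleep", "30", (char *)NULL); _exit(127); }
}

/* 1 if the child-side end sees EOF once the parent's end is closed (the child can
 * notice the parent is gone), 0 if a leaked copy in the sibling keeps it alive. */
int child_sees_parent_death(int atomic) {
    int fds[2];
    sibling_pid = -1;
    if (make_channel(fds, atomic, spawn_sibling) < 0) return -1;
    close(fds[1]);                              /* the parent "crashes" */
    struct pollfd p = { .fd = fds[0], .events = POLLIN };
    char c;
    /* readable with read()==0 means every holder of the other end is gone */
    int eof = poll(&p, 1, 1000) > 0 && read(fds[0], &c, 1) == 0;
    if (sibling_pid > 0) { kill(sibling_pid, SIGKILL); waitpid(sibling_pid, NULL, 0); }
    close(fds[0]);
    return eof;
}
```

With `atomic=0` the sibling spawned in the window holds the parent's end, so the child never sees EOF and would keep running after the parent died; with `atomic=1` the EOF arrives as soon as the sibling has exec'd.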
haik
- bug 1391186 - Thunderbird loses setting as default email client when "mailto" triggered by Firefox 56/57
- landed/uplifted
- bug 1397257 - [Windows] Awesome Screenshot removing error for a second uninstallation
- landed/uplifted
- bug 1393805 - Changes for bug 1332190 broke temporary installations of legacy addons with framescripts
- Kris didn't like the idea of using the per-user extensions dir, got feedback from #testpilot
- bug 1388922 - browser_content_sandbox_fs.js fails to detect $PROFILE/extensions not readable on Linux
- Closed won't fix. The profile is on /tmp issue. Have bug 1386404 to address.
handyman
- bug 1382251 - Brokering https in NPAPI process
- Adobe and Comcast use cases now working
- bug 1395321 - Print to file in Flash bug
- Issue is low integrity. No simple fix (easing sandbox settings or brokering) will work.
- bug 1394024 - Flash crashes when last microphone removed
- Landed. Uplifting.
- bug 1397445 - Remove FILE_EMBEDDED_SERVICEWORKERS telemetry probe
- Landed