Security/Sandbox/2017-10-12

bug 1387837: reviewed ld.so.conf parsing; browsed the glibc source and discovered many “interesting” things
bug 1198552: became entangled with the grsec procfs fd-passing restriction
- which probably also affects the profiler via bug 1198550
- (I used to know why the profiler would read /proc/self/maps vs. just using _dl_iterate_phdr….)
bug 1401666: obtained uplift for the WebGL/udev bug (and its mistakes/regressions)
More of the clone() train:
- bug 1259852: landed env cleanup (& learned something new about C++11)
- bug 1316153: landed ChildPrivileges removal (B2G relics)
- bug 1400061: wrote&posted patch for Mac fd race bug
  - (The BSD one can probably be fixed by copying Linux, after the B2G removal lands, and then we can finally make good on agl@chromium's TODO comment from 2009)
- bug 1401790: wrote&posted patch for ProcessArchitecture removal (OS X + NPAPI + ≤ 53)
bug 1406971: finally went ahead and wrote the simple workaround for most of bug 227246…
- …which accidentally fixes bug 147659
- …and is basically a dup of bug 678369 except that all the useful content is on the new bug; oops.
Still need to get back to bug 1402133 (preprocessor directives vs. Gentoo)

bug 1372823 - Extend BaseThreadInitThunk gatekeeping to support Windows 64-bit
- Fixed first assertion that was invalid due to race.
- Now found second race, just need to work out best way to avoid it.
bug 1400637 - Crash in mozilla::layers::ImageBridgeChild::InitForContent
- Landed more blocking, but looks like some AVs respond by just killing the process.
- It now looks like it is when the AVs cause uesr32.dll to be loaded that the issues happens, possibly because it gets initialised on the wrong thread.
Fair bit of time on reviews.

bug 1407292 - Fixed in running crashtests locally on macOS
bug 1319423 - Don't create files in the content process for printing
- Been reviewed, most feedback responded to
- Like everyone else who has touched printing, I regret it deeply :-)
bug 1407693 - Don't create files in the content process during crashes
- Have patch, need to verify it works on other platforms
macOS GPU process
- Mostly understand how Chromium uses theirs
Anti-virus makes me angry

bug 1404919 - Fonts don't display correctly since update due to content-process sandboxing on macOS
- All submitters are using the Extensis Suitcase Fusion font manager
  - stores fonts in $HOME without extensions
bug 1328975 - Mac e10s printing needs refactoring, causes sandbox violations to be logged
- Prints working without print server connection
- Needs cleanup/more testing

bug 1387837 Consider using /etc/ld.so.conf for creating the broker read access policy
Turns out bug 1382323 Firefox 54 on Fedora 26 doesn't launch custom protocol handler had more fallout than we realized:
- bug 1400803 - e10s break external protocol handler functionality
- bug 1394182 - Firefox unable to handle magnet links
  - Need to check
  - bug 1297686 When multiple desktop files support the same protocol scheme, only one of them is listed
bug 1386404 - Stop allowing Linux content processes to access /tmp
- Will use the one-fo-all content solution first
- Need to replace TMPDIR env and intercept /tmp

bug 1382251 - Brokering https in NPAPI process
- Actor work
bug 1339259 - Crash in AudioSession::OnSessionDisconnectedInternal
- Not going to uplift
bug 1391414 - Flash Async rendering scaling issue
- Jeromie is trying to find someone to repro
bug 1400169 - Crash in CallHookWithSEH
- ImmunetAV says their latest has a fix (at this point I am just lurking on the communication)

Scoping spreadsheet - https://docs.google.com/spreadsheets/d/151vN5xk_QQIe8GvGRBhkepyZvzNoJpr9Kdso_90I4BQ/edit#gid=0
- Looks like Direct2D and Direct3D will need to be removed from content
  - Does this imply WebGL remoting?
  - yes
- Everything else so far looks fairly well contained

Round table