Security/Sandbox/2017-10-12
From MozillaWiki
jld
- bug 1387837: reviewed ld.so.conf parsing; browsed the glibc source and discovered many “interesting” things
- bug 1198552: became entangled with the grsec procfs fd-passing restriction
- which probably also affects the profiler via bug 1198550
- (I used to know why the profiler would read /proc/self/maps vs. just using _dl_iterate_phdr….)
- bug 1401666: obtained uplift for the WebGL/udev bug (and its mistakes/regressions)
- More of the clone() train:
- bug 1259852: landed env cleanup (& learned something new about C++11)
- bug 1316153: landed ChildPrivileges removal (B2G relics)
- bug 1400061: wrote & posted patch for Mac fd race bug
- (The BSD one can probably be fixed by copying Linux, after the B2G removal lands, and then we can finally make good on agl@chromium's TODO comment from 2009)
- bug 1401790: wrote & posted patch for ProcessArchitecture removal (OS X + NPAPI + ≤ 53)
- bug 1406971: finally went ahead and wrote the simple workaround for most of bug 227246…
- …which accidentally fixes bug 147659
- …and is basically a dup of bug 678369 except that all the useful content is on the new bug; oops.
- Still need to get back to bug 1402133 (preprocessor directives vs. Gentoo)
bobowen
- bug 1372823 - Extend BaseThreadInitThunk gatekeeping to support Windows 64-bit
- Fixed first assertion that was invalid due to race.
- Now found second race, just need to work out best way to avoid it.
- bug 1400637 - Crash in mozilla::layers::ImageBridgeChild::InitForContent
- Landed more blocking, but looks like some AVs respond by just killing the process.
- It now looks like it is when the AVs cause user32.dll to be loaded that the issue happens, possibly because it gets initialised on the wrong thread.
- Fair bit of time on reviews.
Alex_Gaynor
- bug 1407292 - Fixed running crashtests locally on macOS
- bug 1319423 - Don't create files in the content process for printing
- Been reviewed, most feedback responded to
- Like everyone else who has touched printing, I regret it deeply :-)
- bug 1407693 - Don't create files in the content process during crashes
- Have patch, need to verify it works on other platforms
- macOS GPU process
- Mostly understand how Chromium uses theirs
- Anti-virus makes me angry
haik
- bug 1404919 - Fonts don't display correctly since update due to content-process sandboxing on macOS
- All submitters are using the Extensis Suitcase Fusion font manager
- stores fonts in $HOME without extensions
- bug 1328975 - Mac e10s printing needs refactoring, causes sandbox violations to be logged
- Prints working without print server connection
- Needs cleanup/more testing
gcp
- bug 1387837 - Consider using /etc/ld.so.conf for creating the broker read access policy
- Turns out bug 1382323 (Firefox 54 on Fedora 26 doesn't launch custom protocol handler) had more fallout than we realized:
- bug 1400803 - e10s break external protocol handler functionality
- bug 1394182 - Firefox unable to handle magnet links
- Need to check
- bug 1297686 - When multiple desktop files support the same protocol scheme, only one of them is listed
- bug 1386404 - Stop allowing Linux content processes to access /tmp
- Will use the one-for-all content solution first
- Need to replace TMPDIR env and intercept /tmp
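Both jld's ld.so.conf review and gcp's bug 1387837 item above concern deriving the loader's search directories from /etc/ld.so.conf so the broker can allow reads there. The following is an added example, not Firefox's sandbox broker code: a small parser that follows the rules of glibc's ldconfig as I read them (full-line `#` comments only, `include` globs resolved relative to the including file, `hwcap` lines ignored, `=libc5`-style type suffixes dropped, trailing slashes stripped). The constructed sample tree, the cycle guard, and the assumed built-in trusted directories `/lib` and `/usr/lib` are this example's own choices.

```python
"""Derive the directory list ld.so would search from an ld.so.conf tree.

Added example (not Firefox code). Parsing rules mirror glibc's ldconfig as
I read them:
  * leading whitespace is stripped; a line is a comment only when its first
    non-blank character is '#' (there are no trailing comments);
  * 'include PATTERN...' takes one or more glob patterns, each resolved
    relative to the directory of the file doing the including;
  * 'hwcap ...' lines are ignored;
  * a directory may carry an '=libc5'-style type suffix, which is dropped;
  * trailing slashes are removed.
"""
import glob
import os
import tempfile


def parse_ld_so_conf(path, seen=None):
    """Return the search directories listed by `path`, in file order.

    `seen` holds realpaths already parsed so an include cycle (or the same
    file pulled in twice) does not recurse forever.
    """
    if seen is None:
        seen = set()
    real = os.path.realpath(path)
    if real in seen:
        return []
    seen.add(real)
    dirs = []
    base = os.path.dirname(path)
    try:
        fh = open(path)
    except OSError:          # unreadable include target: ldconfig warns, we skip
        return dirs
    with fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            fields = line.split()
            if fields[0] == "include" and len(fields) > 1:
                for pattern in fields[1:]:
                    if not os.path.isabs(pattern):
                        pattern = os.path.join(base, pattern)
                    # sorted for a deterministic policy; glob order is not
                    for inc in sorted(glob.glob(pattern)):
                        dirs.extend(parse_ld_so_conf(inc, seen))
                continue
            if fields[0].lower() == "hwcap":
                continue
            entry = line.split("=", 1)[0].rstrip()   # drop "=libc5" type suffix
            dirs.append(entry.rstrip("/") or "/")
    return dirs


def broker_read_dirs(conf_path, trusted=("/lib", "/usr/lib")):
    """Deduplicated read-allow list: ld.so.conf directories followed by the
    built-in directories ld.so always searches (assumed to be /lib, /usr/lib)."""
    out = []
    for d in parse_ld_so_conf(conf_path) + list(trusted):
        if d not in out:
            out.append(d)
    return out


def make_sample_tree():
    """Constructed sample config tree (not taken from any real system).
    Returns the path of its top-level ld.so.conf."""
    root = tempfile.mkdtemp(prefix="ldso-")
    sub = os.path.join(root, "ld.so.conf.d")
    os.mkdir(sub)
    with open(os.path.join(root, "ld.so.conf"), "w") as f:
        f.write("# constructed sample\n"
                "include ld.so.conf.d/*.conf\n"
                "/opt/app/lib/\n"
                "/usr/lib/libc5=libc5\n"
                "hwcap 0 nosegneg\n")
    with open(os.path.join(sub, "a.conf"), "w") as f:
        f.write("/usr/local/lib\n")
    with open(os.path.join(sub, "b.conf"), "w") as f:
        f.write("/opt/app/lib\n"
                "include ../ld.so.conf\n")   # cycles back to the top file
    return os.path.join(root, "ld.so.conf")


if __name__ == "__main__":
    for d in broker_read_dirs(make_sample_tree()):
        print(d)
```

The include cycle in the sample is the kind of input the broker policy builder has to tolerate, since the config is distro- and admin-controlled rather than something the browser ships; a policy that only trusts exact directories from this list (not their parents) keeps the read-access grant as narrow as the loader actually needs.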
handyman
- bug 1382251 - Brokering https in NPAPI process
- Actor work
- bug 1339259 - Crash in AudioSession::OnSessionDisconnectedInternal
- Not going to uplift
- bug 1391414 - Flash Async rendering scaling issue
- Jeromie is trying to find someone to repro
- bug 1400169 - Crash in CallHookWithSEH
- ImmunetAV says their latest has a fix (at this point I am just lurking on the communication)
win32k lockdown
- Scoping spreadsheet - https://docs.google.com/spreadsheets/d/151vN5xk_QQIe8GvGRBhkepyZvzNoJpr9Kdso_90I4BQ/edit#gid=0
- Looks like Direct2D and Direct3D will need to be removed from content
- Does this imply WebGL remoting?
- yes
- Everything else so far looks fairly well contained
Round table
- chromium update for 58? new features like MITIGATION_FORCE_MS_SIGNED_BINS