Security/Sandbox/2017-11-09
From MozillaWiki
Alex_Gaynor
- bug 1414834 - reland of the print IPC fixes + refactoring print-selection to behave more like other printing code paths
- bug 1414936 - Extremely low frequency crash in printing; still don't understand the cause and no clue how to reproduce. Putting on hold ATM.
- bug 1415379 - Reviewed a change to which directories we allow read from in test. Code itself was fine, but I don't understand why it'd be affecting just one person and they hadn't noticed until now
- bug 1407693 - Don't create files in content process in the crashreporter
bobowen
- bug 1400637 - Crash in mozilla::layers::ImageBridgeChild::InitForContent
  - Landed a couple more DLL blocks, going to try again on Beta.
  - I suspect we'll have to back out the Alternate Desktop; some AVs (like Quick Heal AV's Browser Sandbox for 32-bit) give a perma-fail.
- bug 1366701 - Chromium sandbox update.
  - Patches up for review.
  - Separate blocking bug 1415569 filed to bump Win10 SDK requirement to 10.0.14393.
- bug 1403931 - USER_RESTRICTED for content.
  - Started looking at this; initial problem hit with the stack trace logging, which looks like it might have regressed.
gcp
- Blogging: https://5232577621384962517_d7c88e4cb8a2f81346cc67e564f18e51d0673fde.blogspot.com/b/post-preview?token=Xwo7o18BAAA.Rn-dEwax-jQyxfzrsa8XR8_6fhGviXJXa2s-S0ZOU-noRfIRjj_QmJjGiZhvvR_wjJfK8ffaAYleD0zg8qYe0w.iVnmDTPaUs-jPLn8uKGG-g&postId=3530243656651481638&type=POST
- bug 1386404 - The /tmp bug; rewrote, and rewrote, etc.
  - TMPDIR replacement causes PulseAudio to fail: investigating - why was this not a problem before?!
  - jld speculates that this might be cubeb remoting connect()ing to the wrong path
  - https://docs.google.com/document/d/183hUxiuavpc90aIxF771VOwU7EE9AKZalsIJOpQbVes/edit?ts=5a034e3a
haik
- bug 1393259 - Tighten font rules in the Mac content sandbox
  - Got MacOSFontEntry::GetFontRef() remoting through the parent
  - but that's not sufficient, so still debugging which other code paths need it
  - Have you seen bug 1412090 - Some Fonts Display as Blank due to content-process sandbox?
jld
- Landed various things from last week (syscall arg size, inotify regression, sched_get_priority_m*)
- bug 1386404 - The /tmp bug; reviewed, re-reviewed, etc.
- Investigated/discussed the problem with ProfD/features and Cliqz
  - Found that it's just "features" and we probably won't have an endless series of surprises like this from system add-ons
  - Not sure what's going on with bug 1376814 now — if system add-ons were never in ProfD/extensions, then ????
- Discussed possibility of executable memory restrictions on Linux
  - Could theoretically work but would be difficult — no way to inject mappings like Windows maybe(?) can
- Looked at the patches on bug 1366701 (chromium update) but not the 700 kB of upstream changes, yet.
- IPC: took a stab at bug 1245239, to answer needinfo on bug 1410363
handyman
- bug 1382251 - Brokering https in NPAPI process
  - basically ready for review
- DLL interceptor failures
  - looking into removing/restricting a few of the APIs
- planning a quick list of the issues with hardening NPAPI
Round table
- Bug 1192921 - Create a new install location for system add-ons (features sub folder)
- Bug 1415832 - Sandboxing whitelist for $PROFILE/features
- Bug 1401721 - Crash in mozilla::dom::ContentChild::~ContentChild (can we close this?)
- Desktop release notes only mention Linux sb improvements - want to add mac/win?
- Interesting and well-commented part of a ChromeOS exploit chain that they paid a 100k USD bounty for: https://chromium.googlesource.com/chromium/src/+/c050720e317e5223bcbdcaafb816befa789ceaa9%5E!/