Security/Sandbox/2017-11-16
From MozillaWiki
« previous week | index | next week »
gcp
- bug 1257276 Allow specification of environment variables when creating child processes
- bug 1386404 Stop allowing Linux content processes to access /tmp
- bug 1405877 Cubeb audioipc requires a named Unix-domain socket
bobowen
- bug 1400637 - Crash in mozilla::layers::ImageBridgeChild::InitForContent
- Spiked again in Beta bug 1417959 filed to remove alternate desktop from level 4.
- bug 1403931 - USER_RESTRICTED for content.
- Sandbox logging issues were caused by the sandbox. :-)
- Making some progress on getting a running browser.
handyman
- bug 1382251 - Brokering https in NPAPI process
- In reviews
- bug 1391414 - NPN_InvalidateRect broken when async drawing is disabled
- Spoke with Jeromie (Adobe). Closed invalid.
- bug 1415162 - Set USER_LIMITED on NPAPI proc
- bug 1415160 - Set process mitigations on NPAPI proc
- Building table of behaviors and Win32 APIs that fail under various sandbox settings
Alex_Gaynor
- bug 1407693 - weening crash reporter off creating files; almost ready to upload for review
- bug 1414834 - reland the print IPC changes! working with :bobowen to get it ready to land
haik
- bug 1393259 - Tighten font rules in the Mac content sandbox
- Got MacOSFontEntry::GetFontRef() remoting through the parent
- Is called from Stylo parallel style threads
- Realized PBackground is not the right solution for this, need top level sync protocol
- Prototype working, need to investigate some other code paths
- Got MacOSFontEntry::GetFontRef() remoting through the parent
- bug 1417242 - Some characters don't display anymore with new Firefox 57 while visiting lemonde.fr
- User had old font installed in $HOME causing problem, fixed by user deleting old font
- bug 1417420 - Fonts don't display correctly with content sandboxing on macOS with Font Agent Pro font manager
- Fixed by Jonathan, font manager needing whitelist entry
jld
- bug 1366701 - Stared at patches for Chromium update; mostly done with reviewing, I hope
- bug 1382251 - Started reviewing IPC change for NPAPI TLS brokering
- Looked at assorted regressions; they're all in the triage queue
- Several from WebGL, including one that looks exactly like a bug we fixed
- Yet another bug about font locations (although this one is maybe sort of our fault for using permissive broker logs instead of reading the FreeDesktop specs)
- bug 1401786 - Finally got LaunchOptions landed
- bug 1416177 - Tried to investigate heap-unclassified regression from font IPC change (tentatively blamed on IPC); didn't find anything conclusive
- bug 1401339 - Determined that it's not a sec bug on Linux & we can back that part out
Roundtable
- bug 1391252 - “Site Isolation” - mostly a web platform feature, but the spec refers to and recommends site isolation in the process sandbox sense
erahm
- Here to learn all about the file content process
- Follow up: memory impact