Security/Sandbox/2017-12-21
From MozillaWiki
haik
- bug 1404298 - Crashes with read-access content sandboxing triggered by mounted volumes
- Landed on Nightly, will uplift, this was the Sophos bug, turned out not to be Sophos-related
- bug 1421262 - Firefox renders garbage viewing PDFs or Google Docs with nVidia driver
- Appears we need to whitelist an NVIDIA driver, add a sysctl
- bug 1393259 - [Mac] Remote access to fonts from custom directories, font managers
- Looking into using sandbox extensions to add access to individual fonts after content has started
- bug 1421957 - [mac] "Open in Preview" sometimes triggers a "Load the following paper into the rear tray" popup then fails
- Talked to :jwatt, seems specific to his printer driver, will test with that driver
gcp
- Landing the environment variable patches
- Failures with clang + win, mingw, macOS
- macOS looks trivial, would like mingw setup
- Rebased the other patches in the cascade
jld
- bug 1393287 sigaction sa_mask filtering — ran into “interesting” JS hazard failure, but eventually landed
- I'm glad our GC hazard analysis is very thorough, but, wow.
- Not my bug: bug 1394163, the WebRTC cleanup I've been talking about for months, is finally done
- And I've verified that it unblocks everything that was blocked on it
- Also not my bug, but I reviewed part of it: bug 1405877, the audioipc named socket thing, is fixed
- This removes the 1½-year-old workaround from bug 1259508.
- bug 1401062: clone(); almost done cleaning up the patches....
- bug 1213998: chroot() / net namespace isolation for content: works on Try now that WebRTC is fixed
- bug 1401053: pid namespaces: still have mysterious timeouts on try, but they seem reproducible
- bug 1411629: the mysterious dbus bug… I have an idea, but I need to ask someone who knows GTK if it makes any sense
- bug 1421201: mystery EOFs are not sendmsg() failures and I have no idea what's going on here
Alex_Gaynor
- bug 1359566 - Drop all audio permissions from the content process on mac!
- Arbitrary Code Guard
- Scope out the design space for an Out of Process JIT
- Starting to feel pretty confident about what the path looks like
- Sent a draft over to the JIT team
handyman
- bug 1382251 - Brokering https in NPAPI process
- Back in reviews
- bug 1415160 - Set process mitigations on NPAPI proc
- WIP
- bug 1421944 - Cubeb audio device notification failure
- Issue was not the old IAudioSession bug. No obvious good solutions -- I'm hoping for a cheap fix.
Round Table
- win32ksys lockdown
- q1 planning (okrs) email