Security/Sandbox/2018-02-22
From MozillaWiki
« previous week | index | next week »
Contents
tjr
- MinGW
- bug 1439365 Add Opt Build
- bug 1411401 Trying to figure out why the MinGW build doesn't run. Sandbox is causing an issue. Maybe Bob can help :)
- bug 1434316 x64 MinGW Build. Current error: bug 1440013: undefined reference to `__imp_mozalloc_abort'
- Float Stuff
- bug 1438953 - Fixing epsilon due to double imprecision
- {Bug|1430173}} - ESR Patch for 2ms
- {Bug|1425462}} - Timer Jittering
- Fingerprinting
- bug 1435329 Fixup a hash key calculation
- bug 1418162 Fix ESR detection
- bug 1376865 Improve Canvas Permission prompt - currently blocked on BrowserTestUtils.synthesizeMouse not working. Anyone work with this before?
gcp
- bug 1438215 - Sandbox breaks ATI fglrx driver
- getppid seems to be involved, but still seeing crashes with no useful log/trace
- Reviews in other components
- Some words with data/sync people about IPC replacements
haik
- bug 1433577 - [Mac] Enable sandboxing for the Flash NPAPI plugin process
- Lock down process more
- Some services can be removed
- Changed the temp dir to be a flash-specific subdir of $TMPDIR instead
- Got file dialog to work without read access
- Requires adding services that let you read files via sandbox extensions
- Security implications
- Can't get Print "Open in Preview" to work
- Research/debugging/grunt work
- Lock down process more
jld
- bug 1440206 - filed bug for brokering connect()
- Because GPU drivers.
- Shared memory (mostly IPC)
- bug 1439057 - filed bug to remove full /dev/shm access
- bug 1440203 - filed bug separate bug to use memfd_create
- Can't depend on it, so it's just an optimization
- Should "fix" bug 1245239 on newer kernels because memfds aren't subject to FS sizes/quotas/etc.
- bug 1440199 - removing named shared memory (& other dead code) from IPC; have patches
- Process launch fd/handle passing
- Was reviewing/advising on bug 1438678 (prefs via shared memory) and the "user story" here is… not fun.
- bug 1440207 - filed bug with observations and vague ideas
- bug 1438389 - handling chown(); simple; landed
Alex_Gaynor
- bug 1348361 - make spawning new content processes not block
- Working on diagnosing the performance problems. Was not where I expected.
- bug 1440019 - split some changes out that could be landed separately to make it easier to review
- bug 1440034 - regression from the crashreporter patch that Jed caught
- Should be ready to land today
Roundtable
- WebGL remoting?
- jeff muizelaar would look at it next release cycle