Security/Sandbox/2018-03-08
From MozillaWiki
tjr
- bug 1411401 MinGW Build Doesn't Run
- Thought I could reproduce crashes, then it started running ??)
- Tried running tests. Zero passed. Need to go back to the drawing board.
- bug 1425462 Timer Fuzzing landed
- Followup: Fixed 3 intermittents and a heap out of bounds read
- Working on Context Seed bug 1440195
- Almost have it, but I'm initializing NSS too early for xpcshell again...
- Now that we're close to release, people are concerned about the 2ms timer bump, going to probably have meetings...
- Met with De Tar to try to put Memory Partitioning and JIT Constant Blinding on their schedule
- Halved build times (I think) in bug 1443252
- bug 521435 is the 'Let's use LTO on Linux' bug.
- I worked on Mingw x64 builds, but have a symbol error here: bug 1443823 if anyone has any suggestions
- And I filed a bug to add -Wa,-mbig-obj to solve 'too many sections' errors for Mingw x64 bug 1440013
bobowen
- bug 1441598 - Crash in IPCError-content | PPrintProgressDialog::Msg_CancelledCurrentJob Route error: message sent to unknown actor ID
- Patch landed - decided not to uplift to release so close, but might ride along on a dot release.
gcp
- bug 1438394 The fglrx detection from bug 1376910 is sometimes not working.
- Repro, distro specific, fix on try
- bug 1438215 Sandbox breaks ATI fglrx driver
- Not fixable on our side without sandbox disable
- bug 1420282 MESA-LOADER: failed to retrieve device information
- bug 1416016 WebGL creation failed on some websites on Linux
jld
- Audio is broken (if PulseAudio isn't already running and if not remoted)
- bug 1443612 - cubeb preload should've been preffed, not removed (broke in 59)
- bug 1434392 - inotify woes with inherited LD_PRELOAD (broke in 58)
- Fallout from the MIME service workarounds.
- https://github.com/mozilla/gecko-dev/compare/release...jld:pulseaudio-for-59 is what needs to be uplifted
- GL is broken (for some hybrid GPU setups)
- (Still need to update bugs)
- Plan: broker connect() for pathname (non-abstract) addresses; allow local X and bumblebee
- Have patch; confirmed with someone who has Primus working that it does in fact fix things
- Tried getting this stuff to work on a MacBook and a desktop
- On the MacBook I had trouble getting the kernel to talk to gmux (Apple custom display mux) to use the iGPU
- (Also you need EFI hacks to do the things you'd do in a PC's BIOS config UI.)
- On the desktop, monitors aren't a problem, but I still had crashes, *but* late enough to get the policy figured out
- nvidia is fine; the socket is for stuff we're not doing in content
- Re bug 1438394 being distro-specific: Debian & Ubuntu have /proc/sys/kernel/unprivileged_userns_clone
- (Ubuntu defaults to 1 (at least on “desktop” installs), Debian defaults to 0, and people who aren't me probably don't change it.)
Alex_Gaynor
- bug 1348361 - make spawning new content processes not block the main thread
- Failing Linux tests from last week are fixed
- Still a handful of failing tests on Android
- Ask me about all the bugs you run into trying to run tests in the Android emulator (bug 1433279, bug 1443816, ...)
haik
- bug 1437281 - OSX dragging image to desktop changes OSX File associations
- Have a fix that uses a sync message
- Have a fix that doesn't add an IPC message, getting feedback on it
- bug 1433577 - [Mac] Enable sandboxing for the Flash NPAPI plugin process
- Should be out for review today
- Using file-dialog read access extensions--turns out the services needed for this are also needed with global read access allowed.
- Enable for Nightly in 61
handyman
- bug 1366256 - NPAPI sandbox level 3
- camera works but has shutdown issues
- bug 1427011 - Crash in CAudioSessionControl::QueueStreamSwitch
- Looks like stale IMMNotificationClient. Probably cubeb.
Roundtable
- Bug 1440849 - (angle-60) Update ANGLE in 60 - FIXED
- fuzzing meeting
- pwn2own next wed -> friday