Security/Sandbox/2018-03-29

From MozillaWiki

jld

gcp

  • bug 1434711 WebGL causes a crash with the AMDGPU-PRO video driver
    • Some progress. Crash due to lack of access to marketing names and different MESA behavior in /sys/
  • Reviews

tjr

  • [Spectre] Timer Stuff
    • Reduced to 100 us, but might increase to 500 us. VR won't be happy!
    • Intermittents - working on one in particular, but can't repro it on try
    • bug 1436778 Can't reproduce UBSAN issue. MOZ_LOG output?
      • Go look at debug_print_error and ns_warning
  • bug 1446466 Landed JS Allocator compartment - will uplift to beta next Monday
  • Backlog
    • bug 1378552 Audited usages of NullPrincipal::Create - Done
  • Third Party Lib Audit Bugs
  • Tor Bugs
    • bug 1397757 Learn More link for Canvas (Tiny) - checking in
    • bug 1447592 Don't reset privacy.spoof_english when privacy.resistFingerprinting is flipped back to false (Tiny) - checking in
    • bug 1337157 privacy.resistFingerprinting should disable WEBGL_debug_renderer_info (Tiny) - for review
    • bug 1397624 Make First Party Isolation able to be Private Browsing Mode Only (Medium) - good progress
    • One of the tor folks is working on removing /proc access - I told him to come to #boxing and talk to Jed
  • Got web crawl data from Steve Englehardt, going to clear up space and query it for Canvas stuff
  • bug 1434316 Big Project: MinGW x64 Build
    • Got it compiling last night, need to resolve some debug build issues, then debug why it segfaults
    • Also need to clean up patches and back port bug 1429875 to ensure that didn't break stuff

Alex_Gaynor

  • IPC fuzzing with libFuzzer
    • Working prototype
    • Leaks a ton of memory and spews millions of warning log messages -- need to resolve these to figure out if it works
    • bug 1449679 - First in a probable series of patches to make fuzzing more effective
  • Triaged a bunch of IPC sec bugs

haik

  • bug 1437281 - OSX dragging image to desktop changes OSX File associations
    • Landed, realized I broke Windows, backed out, have new Mac-specific fix out for review
  • bug 1433577 - [Mac] Enable sandboxing for the Flash NPAPI plugin process
    • Trying to get print dialog "Open in Preview" to work
      • Can't get it to work so far, probably have to live without
      • MSessionEndDocumentNoDialog() returned -10822 (problem communicating with Launch Services)
      • Print to PDF on Windows doesn't work for me
    • About ready to turn on by default on Nightly only

handyman

  • bug 1366256 - NPAPI sandbox level 3
    • need to debug on a loaner
  • bug 1436972 - Crash in CLockedList::ForEachEntry
  • bug 1449388 - Crash in CLockedList::ForEachEntry in plugin process
    • Bug 1436972 wasn't the issue (but was an issue).
    • I think this is fallout from the restricting SIDs work. Also broke Flash audio device change detection. From the APIs involved, I think they are related.
      • Flash stopped using NPPVpluginRequiresAudioDeviceChanges and returned to IMMDeviceEnumerator (are we sure they ever switched?).
  • bug 1445471 - Crash in EndpointHandler::Copy
    • still only one crash. Backburnered.

Round Table