Security/Sandbox/2018-04-12
From MozillaWiki
tjr
- Getting MinGW x64 Running
  - First: Getting it debuggable with symbols
    - Written my own PE Parser.
    - Patched and Cross-Compiled gdb x86 and x64
    - Have written my own DWARF parser. It has been running for 7 hours. DWARF is horrible. ASN1 looks like CSV next to DWARF.
- Timer Intermittents
  - Follow-up from a previous bug. I had asked about ways to put in a debugging message; got pointed at NS_WARNING
  - Problem: Issue only occurs in opt builds. Is there anything between MOZ_LOG (which would require people to set the correct flag) and MOZ_RELEASE_ASSERT?
Alex_Gaynor
- IPC Fuzzer
  - bug 1452625 - bumped in-tree copy of libFuzzer (to bring in a change I made upstream)
  - bug 1451859 - put WIP patch on phabricator (haven't updated in a week though)
    - Fixed file descriptor leak
    - Fuzzer doesn't appear to ever make its way into AllocPBrowserParent, trying to figure out why
- We now have access to a SQL-for-code tool for doing custom static analysis!
  - Used it to find all instances of a bad pattern in our IPC
  - lgtm.com
- IPC fixes
- Filed bug 1453338 - make it possible to implement IPDL protocols in Rust. Don't intend to work on it, but I can dream!
bobowen
- bug 1452090 - Only enable handle verifier on 32-bit Nightly and debug builds
  - Landed. No hits yet, might see if release management are receptive to turning it on for EARLY_BETA_OR_EARLIER.
  - Tiny follow-up bug 1453639 - Call InitializeHandleVerifier before other sandbox calls.
- Looks like the preceding changes have made at least one sec-bug now a safe crash.
  - bug 1451376 - Fixed on m-c, beta and esr52.
- Canvas remoting.
  - Have a grasp on this code now.
  - Working on a version that just records in memory and passes the whole recording via shmem.
  - Will then start looking into streaming the recording as it is recorded.
gcp
- reviews
- bug 1129492 - Firefox content process has a live connection to the X11 server.
  - integrate X proxy in content process launch
jld
- …why did the font size in Etherpad change.
- The last (I hope?) 60 regressions are uplifted (sudo firefox, Snap vs. network namespace)
  - To do: write some kind of announcement about the sandbox improvements in 60
- Some IPC things that were annoying me:
  - bug 1436156 - CHECK() being a warning
  - bug 1278361 - double close on EINTR (maybe responsible for the mysterious EOFs)
  - bug 1401776 - raise file descriptor limits
  - (Because I went searching for "Sandbox: Unexpected EOF" and found some untriaged dups of those last two)
- bug 1439057 - Dusting off /dev/shm access changes
  - The plan of passing the broker across exec has some issues
  - But I have another plan; see my last comment
- Reviews.
  - (Somehow we wound up talking about information-theoretic entropy vs. thermodynamic entropy, and I threatened to go find my undergrad thermodynamics text.)
haik
- bug 1395504 - Infinite hang of web content process when parent process crashes
  - Root caused to be a breakpad bug
- bug 1452278 - [Mac] Make nsOSHelperAppService::GetFromTypeAndExtension() not call OS MIME APIs in content
  - Looking into moving all Mac MIME-related code into the parent, making the child nsOSHelperAppService generic
- #25737 Tor Browser's update check bypassed Tor once on macOS, because of xpcproxy?
- Will miss plat integration meeting due to appt.
handyman
- bug 1366256 - NPAPI sandbox level 3
  - Win10 loaners don't grant admin access so no debugger.
- bug 1446499 - FunctionHook::HookProtectedMode should be persistent
  - uplifted
Round Table
- On win32k lockdown, assuming no major developments, we have separation area pinpointed for canvas and webgl. SHIPIT!
- ballpark time frame for these projects based on what we know now (in quarters)
- Itemize performance tests we'll use as release criteria for win32k lockdown
- Trade-off decision(s) over the next three quarters: win32k lockdown on Windows vs. mixed hardening work?
- webrenderer will ship in 64 to 4% of release population (assuming it ships on current schedule).
- 66 is the pwn2own 2019 challenge release: 11-26-18 - nightly, 1-7-19 uplift to beta
- when would we enable win32k lockdown on nightly for testing?
- I don't see us shipping this in 66 without pixie dust