Security/Sandbox/2018-04-26

From MozillaWiki

tjr

  • MinGW Build
  • CFI Build
    • I got a working build with lld as the linker. I'm now working to enable LTO (probably ThinLTO)
    • Ted helped me overcome one issue this morning (we filed 3 bugs from it), and now onto undefined symbols in JS...
  • Timer Intermittents
  • Lots of gdocs being written (Fission, Tor, Skia)

jld

  • The shared memory changes broke.
  • bug 1456022 - The broker glitch is back
    • We've been leaking space in /dev/shm since 54 and not noticing until I added an assert. So that's bad.
    • I *can* repro the bug locally… about once every 2 hours of continuous testing (or ~8.5e8 RPCs)
      • Probably higher rate per RPC in that one reftest one of the dups mentions, so might be common enough to matter in real usage.
    • 4 repros with fake second response not received, so probably the request getting lost?
    • Planning another test to try to verify that.
  • bug 1455828 - pref data corruption
    • How is this even possible?
    • bug 1456911 - LaunchApp close-on-exec bug if src fd == dst fd (so, for pref shm, if it happens to get fd 8)
      • …which Chromium apparently still has(!); need to file upstream bug.
    • Not filed yet: “backport” not seeking to end & setting append mode, to find out if it's a stray write to the fd
    • bug 1456902 - Get more info when crashing
  • bug 1455800 - Probably not security-sensitive but a second opinion would be nice.
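
The src fd == dst fd pitfall behind bug 1456911, as an added example that is not Firefox's or Chromium's code. POSIX dup2(src, dst) with src == dst is a no-op: it returns dst without touching it, so an FD_CLOEXEC flag on that fd is not cleared the way it would be when dup2 creates a new descriptor, and exec() in the child closes the fd. The function names remap_fd_naive, remap_fd_fixed, survives_exec and demo are invented for the illustration, and a pipe end marked close-on-exec stands in for the prefs shared-memory fd (the fd number 8 from the note is not special here; the bug triggers whenever the fd already sits at its target number).

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Naive remap for a child about to exec(): relies on dup2() clearing
 * FD_CLOEXEC on dst. When src == dst, dup2() does nothing, so the flag
 * survives and exec() closes the fd the child was supposed to inherit. */
static int remap_fd_naive(int src, int dst) {
    return dup2(src, dst) < 0 ? -1 : 0;
}

/* Fixed remap: when src == dst, clear FD_CLOEXEC explicitly instead of
 * expecting dup2() to do it. */
static int remap_fd_fixed(int src, int dst) {
    if (src == dst) {
        int flags = fcntl(dst, F_GETFD);
        if (flags < 0)
            return -1;
        if ((flags & FD_CLOEXEC) &&
            fcntl(dst, F_SETFD, flags & ~FD_CLOEXEC) < 0)
            return -1;
        return 0;
    }
    return dup2(src, dst) < 0 ? -1 : 0;
}

/* 1 if fd would survive exec() (FD_CLOEXEC clear), 0 if exec() would
 * close it, -1 on error. Checking the flag is equivalent to exec()ing and
 * probing, without needing a child process. */
static int survives_exec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* Constructed scenario: a close-on-exec fd (stand-in for the prefs shm fd)
 * is remapped with the given function. same_fd == 1 reproduces the
 * src == dst case from bug 1456911; same_fd == 0 remaps to a different
 * number, where dup2() behaves. Returns survives_exec() of the target. */
static int demo(int (*remap)(int, int), int same_fd) {
    int fds[2];
    if (pipe(fds) < 0)
        return -1;
    /* mark the read end close-on-exec, as an O_CLOEXEC/shm fd would be */
    if (fcntl(fds[0], F_SETFD, FD_CLOEXEC) < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    int src = fds[0];
    int dst = same_fd ? fds[0] : fds[1];
    int result = (remap(src, dst) == 0) ? survives_exec(dst) : -1;
    close(fds[0]);
    close(fds[1]);
    return result;
}

int main(void) {
    printf("naive, src == dst: fd survives exec? %d\n", demo(remap_fd_naive, 1));
    printf("fixed, src == dst: fd survives exec? %d\n", demo(remap_fd_fixed, 1));
    printf("naive, src != dst: fd survives exec? %d\n", demo(remap_fd_naive, 0));
    printf("fixed, src != dst: fd survives exec? %d\n", demo(remap_fd_fixed, 0));
    return 0;
}
```

The naive version only fails in the src == dst case, which is why the symptom is intermittent: it depends on which fd number the shared-memory segment happens to land on in the parent.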

gcp

  • bug 1455498 - WebGL doesn't work on Linux if drivers are loaded through LD_LIBRARY_PATH
  • X windows proxy:
    • There appears to be very minimal traffic after startup
    • So the proxy is mostly about correlating connections with pids and Content startup
    • Unrusting rust code
    • Need to disallow connections to the real X server somehow! we can now broker connect

bobowen

  • Canvas remoting.
    • My horribly hacked version is working ... sort of.
  • bug 1444699 - Crash in sandbox::`anonymous namespace'::WarmupWindowsLocales
    • Landed on m-c

Alex_Gaynor

  • IPC Fuzzing
    • bug 1456147 - filed; assertion failure in underlying buffer management
    • Fuzzer found two sec bugs this week; I found one more by manual inspection
    • bug 1450232 - landed; improve how we handle large length fields in IPC deserialization so the fuzzer doesn't OOM all the time

handyman

  • bug 1366256 - NPAPI sandbox level 3
    • Tracked to being "something about the build binary". (It's not the automation setup.)
  • bug 1450708 - Crash in FunctionBroker
    • Waiting to see if fixed. Uplift?
  • Plugin sec bug

haik

  • bug 1376773 - Intermittent test_crash.py TestCrash.test_crash_chrome_process...
    • Deadlock in breakpad callbacks, similar to 1395504
  • bug 1450715 - Add pref dom.ipc.plugins.sandbox-level.flash to telemetry
    • landed, still needs sql.t.m.o fix for querying in main summary
  • bug 1432567 - [Mac] Add a test that renders fonts from non-standard directories
    • Installed 10.10, using artifact build on local machine for debugging
    • Made a bit of debugging progress