Security/Sandbox/2018-05-03
From MozillaWiki
tjr
- MinGW Build: Debugging
  - Run a try build with ./mach test?
- CFI Build
  - Got a working LTO build in TaskCluster
  - Working on CFI now
- Timer Intermittents: Still investigating bug 1454584
- Finished Tor, Skia, and 1 Fission doc
  - More Fission docs in the pipeline
Alex_Gaynor
- IPC Fuzzing
  - bug 1457899 - landed; switched out a KillHard() for IPC_FAIL_NO_REASON()
  - bug 1323532 - landed; removed some excessive codegen in IPC, will make a follow-up cleanup easier to implement (bug 1457536)
  - bug 1456147 - landed; fixed assertion failure in IPC
- sec bugs
gcp
- bug 1134747 - Investigate possibility of proxying/filtering X11 traffic from Linux desktop content processes
  - Mostly fighting with Rust
jld
- bug 1243108 - the race condition hunt continues
  - Good news: we're not leaking memory after all.
  - It's the response that's lost… even if we send more responses until the buffer is full.
  - More error checking doesn't help.
  - The response is being written on the right socket.
  - It's not a soundness bug in net/unix/garbage.c, so that's good, I guess.
  - And I have a small(ish) C program that reproduces it a lot faster!
  - Doesn't repro when confined to a single CPU (which suggests the lack of repro under rr isn't a coincidence).
  - (The simple joy of inserting a sched_yield and having it *almost* fix the bug.)
  - Forcing the close() on the sending end of a socketpair to happen after the recvmsg() on the other end seems to “fix” it, and isn't a huge hack?
  - But it seems to approximately double the latency overhead for back-to-back requests. There might be a better way to do this…
- IPC reviews, as usual
- bug 1457657 - nvidia-tls seccomp violation, but it's not really nvidia-tls??
bobowen
- Canvas remoting
  - Found some problems with my initial approach (too much copying and stuck images).
  - Just finishing off a better one that should solve those.
haik
- bug 1457501 - Mac Crash deadlock triggered by CrashReporter::GetFlatThreadAnnotation() lock acquisition
  - Landed
- bug 1457545 - Mac Crash deadlock triggered by dlsym()/dlopen() deadlock
  - Resuming threads after minidump handling avoids the problem
  - Looking at alternatives, will wait until after merge to land
- bug 1452278 - [Mac] Make nsOSHelperAppService::GetFromTypeAndExtension() not call OS MIME API's in content
  - Generic MIMEInfo class, nsOSHelperAppService
- bug 1458553 - Return of Google Maps all black map with updated Nvidia web driver on Mac
  - Small sandbox tweak to allow file-map-executable for /Library/GPUBundles, on Autoland
handyman
- bug 1366256 - NPAPI sandbox level 3
  - Fix is to add plugin to sandbox file exceptions. Cause is still unclear.
  - If there is a general problem with the local builds then my testing may have been useless. I'm doing a second cursory check with automation builds.
- bug 1419488 - Win7 Shutdown hang in CDeviceEnumerator::DestroyHWndNotificationThread (audio)
  - Can now debug this with a Win 7 VM.
  - Issue is a "hang" due to audio hardware interrupts taking too long (under PnpNotificationThreadWrapper)
  - Theory that we can shut this down on a worker thread w/o blocking main loop
- bug 1450708 - Crash in FunctionBroker
  - Crashes finally seem to be gone; uplifted
- bug 1458034 - multiple volume sliders
  - May be back in Windows 10 with v1803 (currently in preview)
round table
- Lightning Talks In SF
- bug 1458083 - win10 loaner has limited permissions
- bug 1458087 - Windows 10 loaners desktop widgets are unusable