Security/Sandbox/2015-03-19

From MozillaWiki

Standup/Status

Windows

  • Content Sandboxing
    • bug 1042735 - audio tests not working with low integrity. We will hopefully be able to start with an initial integrity of low (as well as the delayed integrity). When I do this the audio tests suddenly start working. There are some other things I'll need to fix (like crash reporting), but it looks like we might be able to get to a default of low integrity quite soon.
  • GMP/EME Sandboxing
    • Having trouble getting the latest beta version to work.
    • Also not sure if crash reporting is working.
      • Follow up with cpearce

Linux/B2G

  • Content Sandboxing
    • Still playing syscall whack-a-mole on B2G L.
    • The jar patch hasn't broken anything yet. (Not just Linux.)
    • Took away unlink from B2G content processes.
    • Also took away readlink from B2G content processes.
  • Other Linux work

Mac

  • Content Sandboxing
    • Landed 1083344 and closed it. Default sandbox level to 1 -> allow read access to whole filesystem. Added level 2 -> allow read access just to homedir. Access to $HOME/Library still forbidden, except read to profile addons dirs. Tryserver tests passed on 10.10. And no one has complained yet.
    • Have continued to work on an interpose library that detects when background processes open, read or write files (our content process or other apps' background processes). It now also tracks at least some Apple events. This should be useful for figuring out what we need to broker to the chrome process on the Mac.
  • GMP/EME Sandboxing
    • Should land bug 1110911 very soon now -- which moves the code that launches the GMP plugin sandbox from XUL to plugin-container.

Chromium

Round Table

  • file input elements?
    • Jed to follow up with bsmedberg and billm?
  • move file: URLs to separate content process?
    • Bob to investigate.